British Telecommunications Webhelper Multiple Buffer Overflow Vulnerabilities
BID:24216
Info
| Bugtraq ID: | 24216 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-2982 |
| Remote: | Yes |
| Local: | No |
| Published: | May 29 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | Will Dormann is credited with the discovery of these issues. |
| Vulnerable: | British Telecommunications Business Connect Webhelper ActiveX Control 1.0.0.6 |
| Not Vulnerable: | British Telecommunications Business Connect Webhelper ActiveX Control 1.0.0.7 |
Discussion
The British Telecommunications Webhelper ActiveX control is prone to multiple buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
Versions of British Telecommunications Webhelper ActiveX Control prior to 1.0.0.7 are vulnerable to these issues.
Exploit / POC
To exploit these issues, an attacker must entice an unsuspecting user to access a malicious webpage.
Solution / Fix
Solution:
The vendor has released version 1.0.0.7 to address these issues; please see the references for details.
References
References:
- British Telecommunications Web Site (British Telecommunications)
- Microsoft Knowledge Base Article 240797 (Microsoft)