E-Book Systems FlipViewer FlipViewerX.DLL ActiveX Multiple Buffer Overflow Vulnerabilities
BID:24328
Info
E-Book Systems FlipViewer FlipViewerX.DLL ActiveX Multiple Buffer Overflow Vulnerabilities
| Bugtraq ID: | 24328 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-2919 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 05 2007 12:00AM |
| Updated: | Jun 05 2007 11:30PM |
| Credit: | Will Dormann is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
E-Book Systems FlipViewer 4.0 |
| Not Vulnerable: |
E-Book Systems FlipViewer 4.1 |
Discussion
E-Book Systems FlipViewer FlipViewerX.DLL ActiveX Multiple Buffer Overflow Vulnerabilities
E-Book Systems FlipViewer ActiveX Control is prone to multiple buffer-overflow vulnerabilities.
Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
Versions prior to FlipViewer 4.0 are vulnerable; other versions may also be affected.
E-Book Systems FlipViewer ActiveX Control is prone to multiple buffer-overflow vulnerabilities.
Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
Versions prior to FlipViewer 4.0 are vulnerable; other versions may also be affected.
Exploit / POC
E-Book Systems FlipViewer FlipViewerX.DLL ActiveX Multiple Buffer Overflow Vulnerabilities
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
E-Book Systems FlipViewer FlipViewerX.DLL ActiveX Multiple Buffer Overflow Vulnerabilities
Solution:
The vendor has released version 4.1 to address this issue; please see the references for details.
E-Book Systems FlipViewer 4.0
Solution:
The vendor has released version 4.1 to address this issue; please see the references for details.
E-Book Systems FlipViewer 4.0
-
E-Book Systems fv410.exe
http://www.flipviewer.com/exe/fv410.exe
References
E-Book Systems FlipViewer FlipViewerX.DLL ActiveX Multiple Buffer Overflow Vulnerabilities
References:
References:
- E-Book Systems FlipViewer ActiveX control stack buffer overflows (US-CERT)
- FlipViewer Web Site (FlipViewer)
- Microsoft Knowledge Base Article 240797 (Microsoft)