Internet Download Accelerator ActiveX Control Buffer Overflow Vulnerability
BID:24400
Info
Internet Download Accelerator ActiveX Control Buffer Overflow Vulnerability
| Bugtraq ID: | 24400 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-3162 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 09 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | Dr.Pantagon discovered this issue |
| Vulnerable: |
WestByte Internet Download Accelerator 5.2 |
| Not Vulnerable: | |
Discussion
Internet Download Accelerator ActiveX Control Buffer Overflow Vulnerability
Internet Download Accelerator ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of applications that use the affected control (typically Internet Explorer).
Internet Download Accelerator 5.2 is vulnerable; other versions may also be affected.
Internet Download Accelerator ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of applications that use the affected control (typically Internet Explorer).
Internet Download Accelerator 5.2 is vulnerable; other versions may also be affected.
Exploit / POC
Internet Download Accelerator ActiveX Control Buffer Overflow Vulnerability
To exploit this issue, an attacker must entice an unsuspecting user to access a malicious webpage.
The following exploit is available:
To exploit this issue, an attacker must entice an unsuspecting user to access a malicious webpage.
The following exploit is available:
Solution / Fix
Internet Download Accelerator ActiveX Control Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Internet Download Accelerator ActiveX Control Buffer Overflow Vulnerability
References:
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)
- Vendor Homepage (WestByte)