eCentrex VOIP Client UACOMX.OCX ActiveX Control Buffer Overflow Vulnerability
BID:25383
Info
| Bugtraq ID: | 25383 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-4489 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 21 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | rgod is credited with the discovery of this issue. |
| Vulnerable: | eCentrex VOIP Client ActiveX Control 2.0.1 |
| Not Vulnerable: | |
Discussion
eCentrex VOIP Client ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
eCentrex VOIP Client ActiveX control 2.0.1 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting user to access a malicious webpage.
The following exploit is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- eCentrex Home Page (eCentrex)
- Microsoft Knowledge Base Article 240797 (Microsoft)