Broderbund 3DGreetings Player ActiveX Control Multiple Buffer Overflow Vulnerabilities
BID:25564
| Bugtraq ID: | 25564 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-4472 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 05 2007 12:00AM |
| Updated: | Sep 11 2007 05:51PM |
| Credit: | Will Dormann of the CERT/CC is credited with discovering these vulnerabilities. |
| Vulnerable: | Broderbund 3D Greetings Player 0 |
| Not Vulnerable: | |
Discussion
Broderbund 3DGreetings Player is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied data before copying it into insufficiently sized memory buffers.
Exploiting these issues allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control (typically Internet Explorer) and to compromise affected computers. Failed attempts will likely result in denial-of-service conditions.
NOTE: 3DGreetings Player was originally owned by Expressit but is now owned by Broderbund.
Exploit / POC
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)
- Vendor Homepage (Broderbund)
- VU#574401 Broderbund Expressit 3DGreetings Player ActiveX control buffer overflo (US-CERT)