GlobalLink GLItemCom.DLL ActiveX Control Heap Buffer Overflow Vulnerability
BID:25565
Info
GlobalLink GLItemCom.DLL ActiveX Control Heap Buffer Overflow Vulnerability
| Bugtraq ID: | 25565 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-4802 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 05 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | void is credited with the discovery of this vulnerability. |
| Vulnerable: |
GlobalLink GlobalLink 2.7.0.8 |
| Not Vulnerable: | |
Discussion
GlobalLink GLItemCom.DLL ActiveX Control Heap Buffer Overflow Vulnerability
GlobalLink is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
GlobalLink 2.7.0.8 is vulnerable; other versions may also be affected.
GlobalLink is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
GlobalLink 2.7.0.8 is vulnerable; other versions may also be affected.
Exploit / POC
GlobalLink GLItemCom.DLL ActiveX Control Heap Buffer Overflow Vulnerability
An attacker may exploit this issue by enticing a victim into visiting a malicious webpage.
Further investigation reveals this issue is being exploited in the wild through limited attacks.
The following exploit code is available:
An attacker may exploit this issue by enticing a victim into visiting a malicious webpage.
Further investigation reveals this issue is being exploited in the wild through limited attacks.
The following exploit code is available:
Solution / Fix
GlobalLink GLItemCom.DLL ActiveX Control Heap Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
GlobalLink GLItemCom.DLL ActiveX Control Heap Buffer Overflow Vulnerability
References:
References:
- GlobalLink Heap Buffer-Overflow Vulnerability (ph4nt0m.org)
- Microsoft Support Document 240797 (Microsoft)