Earth Resource Mapper NCSView ActiveX Control Multiple Buffer Overflow Vulnerabilities

Bugtraq ID:	25584
Class:	Boundary Condition Error
CVE:	CVE-2007-4470
Remote:	Yes
Local:	No
Published:	Sep 06 2007 12:00AM
Updated:	Sep 10 2007 04:31PM
Credit:	Will Dormann is credited with the discovery of these vulnerabilities.
Vulnerable:	ER Mapper NCSView ActiveX 0
Not Vulnerable:	ER Mapper NCSView ActiveX 3.4.0.242

Earth Resource Mapper NCSView ActiveX Control Multiple Buffer Overflow Vulnerabilities

The Earth Resource Mapper (ER Mapper) NCSView ActiveX control is prone to multiple unspecified buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Earth Resource Mapper NCSView ActiveX Control Multiple Buffer Overflow Vulnerabilities

Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Earth Resource Mapper NCSView ActiveX Control Multiple Buffer Overflow Vulnerabilities

Solution:
The vendor has released an update to address these issues. Please contact the vendor for details on obtaining and applying the appropriate updates.

Earth Resource Mapper NCSView ActiveX Control Multiple Buffer Overflow Vulnerabilities

References:

• ER Mapper Professional Homepage (ER Mapper)
  
• Microsoft Knowledge Base Article 240797 (Microsoft)
  
• Vulnerability Note VU#589188 Earth Resource Mapping NCSView ActiveX control stac (US-CERT)