GlobalLink glitemflat.dll ActiveX Control Heap Buffer Overflow Vulnerability

Bugtraq ID:	25586
Class:	Boundary Condition Error
CVE:	CVE-2007-4802
Remote:	Yes
Local:	No
Published:	Sep 07 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	void is credited with the discovery of this vulnerability.
Vulnerable:	GlobalLink GlobalLink 2.7.0.8
Not Vulnerable:

GlobalLink glitemflat.dll ActiveX Control Heap Buffer Overflow Vulnerability

GlobalLink is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

GlobalLink 2.7.0.8 is vulnerable; other versions may also be affected.

GlobalLink glitemflat.dll ActiveX Control Heap Buffer Overflow Vulnerability

An attacker may exploit this issue by enticing a victim into visiting a malicious webpage.

The following exploit code is available:

• /data/vulnerabilities/exploits/25586.html

GlobalLink glitemflat.dll ActiveX Control Heap Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

GlobalLink glitemflat.dll ActiveX Control Heap Buffer Overflow Vulnerability

References:

• Microsoft Support Document 240797 (Microsoft)
  
• GlobalLink 2.7.0.8 glitemflat.dll SetClientInfo() Heap Overflow (void)