BaoFeng Storm MPS.DLL ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities

Bugtraq ID:	25601
Class:	Boundary Condition Error
CVE:	CVE-2007-4816
Remote:	Yes
Local:	No
Published:	Sep 08 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	ZhenHan.Liu is credited with the discovery of these vulnerabilities.
Vulnerable:	BaoFeng Storm 2.7.9 .8
Not Vulnerable:	BaoFeng Storm 2.7.9 .10

BaoFeng Storm MPS.DLL ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities

BaoFeng Storm ActiveX control is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

BaoFeng Storm MPS.DLL ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities

NOTE: Further investigation indicates that this issue is being exploited in the wild.

The following proof-of-concept examples and exploit code are available:

• /data/vulnerabilities/exploits/09082007-storm.zip
• /data/vulnerabilities/exploits/25601.html

BaoFeng Storm MPS.DLL ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities

Solution:
The vendor has released Storm 2.7.9.10 to address these issues. Please contact the vendor to obtain fixes.

BaoFeng Storm MPS.DLL ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities

References:

• BaoFeng Homepage (BaoFeng)
  
• Chinese Weekend Compromise (Trend Micro)
  
• JS_IFRAME.AD (Trend Micro)
  
• Microsoft Knowledge Base Article 240797 (Microsoft)
  
• Storm 2.7.9.10 (BaoFeng)