Ultra Crypto Component CryptoX.dll ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
BID:25609
Info
| Bugtraq ID: | 25609 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-4903 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 10 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | shinnai is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Ultra Shareware Ultra Crypto Component 0 |
| Not Vulnerable: | |
Discussion
The Ultra Crypto Component ActiveX control is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
Exploit / POC
UPDATE (September 23, 2008): Symantec has detected active attempts to exploit the 'AcquireContext()' method.
The following exploit is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)
- Ultra Crypto Component Homepage (Ultra Shareware)