Callisto PhotoParade Player PhPInfo ActiveX Control Remote Buffer Overflow Vulnerability
BID:25654
Info
| Bugtraq ID: | 25654 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-1688 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 12 2007 12:00AM |
| Updated: | Sep 13 2007 03:11AM |
| Credit: | Will Dormann of CERT/CC is credited with the discovery of this vulnerability. |
| Vulnerable: | Callisto PhotoParade Player PhPInfo ActiveX 0 |
| Not Vulnerable: | |
Discussion
PhotoParade Player ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
Exploit / POC
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)
- PhotoParade Homepage (Callisto)
- Vulnerability Note VU#171449 Callisto PhotoParade Player PhPInfo ActiveX control (US-CERT)