G DATA Antivirus 2007 ScanObjectBrowser.DLL ActiveX Control Buffer Overflow Weakness
BID:26008
Info
G DATA Antivirus 2007 ScanObjectBrowser.DLL ActiveX Control Buffer Overflow Weakness
| Bugtraq ID: | 26008 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-5436 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 10 2007 12:00AM |
| Updated: | May 07 2015 05:34PM |
| Credit: | Michal Bucko is credited with discovering this issue. |
| Vulnerable: |
G DATA Antivirus 2007 0 |
| Not Vulnerable: | |
Discussion
G DATA Antivirus 2007 ScanObjectBrowser.DLL ActiveX Control Buffer Overflow Weakness
G DATA Antivirus 2007 is prone to a buffer-overflow weakness because it fails to perform adequate boundary checks.
Successful exploits will allow attackers to execute arbitrary code in the context of an application using the control (typically Internet Explorer). Since the affected control is not marked 'safe for scripting', attackers must exploit this issue in conjunction with zone-escalation or cross-zone scripting attacks.
G DATA Antivirus 2007 is vulnerable to this issue; other versions may also be affected.
G DATA Antivirus 2007 is prone to a buffer-overflow weakness because it fails to perform adequate boundary checks.
Successful exploits will allow attackers to execute arbitrary code in the context of an application using the control (typically Internet Explorer). Since the affected control is not marked 'safe for scripting', attackers must exploit this issue in conjunction with zone-escalation or cross-zone scripting attacks.
G DATA Antivirus 2007 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
G DATA Antivirus 2007 ScanObjectBrowser.DLL ActiveX Control Buffer Overflow Weakness
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
G DATA Antivirus 2007 ScanObjectBrowser.DLL ActiveX Control Buffer Overflow Weakness
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
G DATA Antivirus 2007 ScanObjectBrowser.DLL ActiveX Control Buffer Overflow Weakness
References:
References:
- G DATA Homepage (G DATA)
- Microsoft Knowledge Base Article 240797 (Microsoft)
- [ELEYTT] 10PAZDZIERNIK2007 ("Michal Bucko"
- G DATA Antivirus ScanObjectBrowser.dll Buffer Overflow (Eleytt Corporation)