DB Software Laboratory VImpX ActiveX Control RejectedRecordsFile Buffer Overflow Vulnerability

Bugtraq ID:	26064
Class:	Boundary Condition Error
CVE:	CVE-2007-5445
Remote:	Yes
Local:	No
Published:	Oct 13 2007 12:00AM
Updated:	May 07 2015 05:34PM
Credit:	Saw13 is credited with the discovery of this vulnerability.
Vulnerable:	DB Software Laboratory VImpX 4.7.3.0
Not Vulnerable:

DB Software Laboratory VImpX ActiveX Control RejectedRecordsFile Buffer Overflow Vulnerability

The 'VImpX.ocx' ActiveX control shipped with the VImpX application is prone to a buffer-overflow vulnerability. The software fails to perform sufficient boundary checks of user-supplied input before copying it to an insufficiently sized memory buffer.

VImpX 4.7.3.0 is reported vulnerable to this issue; other products may be vulnerable as well.

DB Software Laboratory VImpX ActiveX Control RejectedRecordsFile Buffer Overflow Vulnerability

The following exploit is available:

• /data/vulnerabilities/exploits/26064.txt

DB Software Laboratory VImpX ActiveX Control RejectedRecordsFile Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

DB Software Laboratory VImpX ActiveX Control RejectedRecordsFile Buffer Overflow Vulnerability

References:

• Microsoft Knowledge Base Article 240797 (Microsoft)
  
• Vendor Homepage (DB Software Laboratory)
  
• VImpX ActiveX (VImpX.ocx v. 4.7.3.0) Remote ([email protected])