GlobalLink ConnectAndEnterRoom ActiveX Control Stack Buffer Overflow Vulnerability
BID:26244
Info
GlobalLink ConnectAndEnterRoom ActiveX Control Stack Buffer Overflow Vulnerability
| Bugtraq ID: | 26244 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-5722 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 29 2007 12:00AM |
| Updated: | May 07 2015 05:34PM |
| Credit: | The original discoverer of this issue is unknown. Symantec was alerted to its existence due to active, in the wild exploits. |
| Vulnerable: |
GlobalLink GlobalLink 2.7.0.8 |
| Not Vulnerable: | |
Discussion
GlobalLink ConnectAndEnterRoom ActiveX Control Stack Buffer Overflow Vulnerability
GlobalLink is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
GlobalLink 2.7.0.8 is affected by this issue; other versions may also be vulnerable.
GlobalLink is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
GlobalLink 2.7.0.8 is affected by this issue; other versions may also be vulnerable.
Exploit / POC
GlobalLink ConnectAndEnterRoom ActiveX Control Stack Buffer Overflow Vulnerability
An attacker may exploit this issue by enticing a victim into visiting a malicious webpage.
This issue is actively being exploited in the wild.
Untested and potentially malicious exploit code is available:
An attacker may exploit this issue by enticing a victim into visiting a malicious webpage.
This issue is actively being exploited in the wild.
Untested and potentially malicious exploit code is available:
Solution / Fix
GlobalLink ConnectAndEnterRoom ActiveX Control Stack Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
GlobalLink ConnectAndEnterRoom ActiveX Control Stack Buffer Overflow Vulnerability
References:
References:
- ????:ARP??????????(??????????0-Day)???? (xyz24k)
- Microsoft Support Document 240797 (Microsoft)