SSReader Ultra Star Reader ActiveX Control Register Method Buffer Overflow Vulnerability
BID:26247
Info
SSReader Ultra Star Reader ActiveX Control Register Method Buffer Overflow Vulnerability
| Bugtraq ID: | 26247 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-5807 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 29 2007 12:00AM |
| Updated: | Nov 15 2007 12:36AM |
| Credit: | The original discoverer of this issue is unknown. Symantec was alerted to its existence due to active, in the wild exploits. |
| Vulnerable: |
SSReader Ultra Star Reader 0 |
| Not Vulnerable: | |
Discussion
SSReader Ultra Star Reader ActiveX Control Register Method Buffer Overflow Vulnerability
SSReader Ultra Star Reader is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
SSReader Ultra Star Reader is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
Exploit / POC
SSReader Ultra Star Reader ActiveX Control Register Method Buffer Overflow Vulnerability
An attacker may exploit this issue by enticing a victim into visiting a malicious webpage.
This issue is actively being exploited in the wild.
An attacker may exploit this issue by enticing a victim into visiting a malicious webpage.
This issue is actively being exploited in the wild.
Solution / Fix
SSReader Ultra Star Reader ActiveX Control Register Method Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
SSReader Ultra Star Reader ActiveX Control Register Method Buffer Overflow Vulnerability
References:
References:
- Microsoft Support Document 240797 (Microsoft)
- SSReader Homepage (SSReader)