Black Ice Software Document Imaging SDK/ActiveX Remote Buffer Overflow Vulnerability
BID:30243
Info
| Bugtraq ID: | 30243 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2008-3209 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 15 2008 12:00AM |
| Updated: | May 07 2015 05:27PM |
| Credit: | r0ut3r |
| Vulnerable: | Black Ice Software Document Imaging SDK/ActiveX 10.95 |
| Not Vulnerable: | |
Discussion
Black Ice Software Document Imaging SDK/ActiveX is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.
Black Ice Software Document Imaging SDK/ActiveX 10.95 is vulnerable; other versions may also be affected.
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting user to view a malicious webpage.
The following proof of concept is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Document Imaging SDK / ActiveX Toolkit (Black Ice Software)
- Microsoft Knowledge Base Article 240797 (Microsoft)
- Vendor Homepage (Black Ice Software)