JComSoft 'AniGIF.ocx' ReadGIF and ReadGIF2 Methods ActiveX Buffer Overflow Vulnerabilities
BID:30621
Info
| Bugtraq ID: | 30621 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2008-3702 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 10 2008 12:00AM |
| Updated: | Apr 16 2015 05:56PM |
| Credit: | Guido Landi |
| Vulnerable: | SpeedBit Download Accelerator Plus 6.8; JComSoft Animation GIF ActiveX 2.4.7; JComSoft Animation GIF ActiveX 1.12b; JComSoft Animation GIF ActiveX 1.12a |
| Not Vulnerable: | |
Discussion
JComSoft Animation GIF ActiveX control is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.
Animation GIF ActiveX 2.47, 1.12a, and 1.12b are vulnerable; other versions may also be affected.
Exploit / POC
To exploit these issues, an attacker must entice an unsuspecting user to view a malicious web document.
The following exploit code is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Animation GIF ActiveX Page (JComSoft)
- JComSoft Homepage (JComSoft)
- Microsoft Knowledge Base Article 240797 (Microsoft)