BigAnt Office Messenger 'AntCore.dll' ActiveX Control Multiple Heap Buffer Overflow Vulnerabilities

Bugtraq ID:	39721
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 27 2010 12:00AM
Updated:	Apr 30 2010 02:12PM
Credit:	mr_me
Vulnerable:	BigAnt Office Messenger 2.52
Not Vulnerable:

BigAnt Office Messenger 'AntCore.dll' ActiveX Control Multiple Heap Buffer Overflow Vulnerabilities

BigAnt Office Messenger is prone to multiple heap-based buffer-overflow vulnerabilities because the application fails to adequately check boundaries on user-supplied input.

An attacker can exploit these issues to execute arbitrary code in the context of the application, typically Internet Explorer, using the ActiveX control. Failed attacks will likely cause denial-of-service conditions.

BigAnt Office Messenger 2.52 is vulnerable; other versions may also be affected.

BigAnt Office Messenger 'AntCore.dll' ActiveX Control Multiple Heap Buffer Overflow Vulnerabilities

The following exploit code is available:

• /data/vulnerabilities/exploits/39721.html

BigAnt Office Messenger 'AntCore.dll' ActiveX Control Multiple Heap Buffer Overflow Vulnerabilities

Solution:
Updates are available. Please contact the vendor for more information.

BigAnt Office Messenger 'AntCore.dll' ActiveX Control Multiple Heap Buffer Overflow Vulnerabilities

References:

• BigAnt Office Messenger Homepage (BigAnt)
  
• Microsoft Knowledge Base Article 240797 (Microsoft)