Image Viewer CP Pro/Gold ActiveX Control 'TIFMergeMultiFiles()' Method Buffer Overflow Vulnerability
BID:50712
Info
| Bugtraq ID: | 50712 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 02 2010 12:00AM |
| Updated: | Dec 02 2010 12:00AM |
| Credit: | Dr_IDE |
| Vulnerable: | Viscomsoft Image Viewer CP Pro SDK ActiveX 8.0; Viscomsoft Image Viewer CP Gold SDK ActiveX 6.0 |
| Not Vulnerable: | |
Discussion
Image Viewer CP Pro and Gold ActiveX controls are prone to a stack-based buffer-overflow vulnerability because the applications fail to perform adequate boundary checks on user-supplied data.
Successful exploits allow remote attackers to execute arbitrary code in the context of the application (typically Internet Explorer) using the ActiveX control. Failed exploit attempts will likely result in denial-of-service conditions.
Image Viewer CP Pro SDK ActiveX 8.0 and Image Viewer CP Gold SDK ActiveX 6.0 are vulnerable.
Exploit / POC
The following exploit is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Image Viewer CP Gold SDK ActiveX 6.0 (Viscom Softwares)
- Image Viewer CP Pro SDK ActiveX 8.0 (Viscom Softwares)