NTR ActiveX control Buffer Overflow and Remote Code Execution Vulnerabilities
BID:51374
Info
| Bugtraq ID: | 51374 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2012-0266 CVE-2012-0267 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 11 2012 12:00AM |
| Updated: | Apr 02 2013 03:57PM |
| Credit: | Carsten Eiram of Secunia Research |
| Vulnerable: | NTRglobal NTR ActiveX control 1.1.8 |
| Not Vulnerable: | NTRglobal NTR ActiveX control 2.0.4.8 |
Discussion
NTR ActiveX control is prone to multiple remote buffer-overflow vulnerabilities and a remote code-execution vulnerability.
Attackers can exploit these issues to execute arbitrary code within the context of the application using the vulnerable control. Failed exploit attempts will result in a denial-of-service condition.
NTR ActiveX control 1.1.8 is vulnerable; other versions may also be affected.
Exploit / POC
The following exploits are available:
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)
- NTR ActiveX Control "StopModule()" Input Validation Vulnerability (Secunia Research)
- NTR ActiveX Control Four Buffer Overflow Vulnerabilities (Secunia Research)
- NTR ActiveX control Homepage (NTRglobal)
- Secunia Research: NTR ActiveX Control "StopModule()" Input Validation Vulnerabil (Secunia Research)
- Secunia Research: NTR ActiveX Control Four Buffer Overflow Vulnerabilities (Secunia Research)