Dell Webcam Center 'CrazyTalk4Native.dll' ActiveX Multiple Buffer Overflow Vulnerabilities

Bugtraq ID:	52560
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 19 2012 12:00AM
Updated:	Mar 22 2012 10:20AM
Credit:	rgod
Vulnerable:	Reallusion CrazyTalk 4 Dell Webcam Center 0
Not Vulnerable:

Dell Webcam Center 'CrazyTalk4Native.dll' ActiveX Multiple Buffer Overflow Vulnerabilities

Dell Webcam Center is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may exploit these issues to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

Dell Webcam Center 'CrazyTalk4Native.dll' ActiveX Multiple Buffer Overflow Vulnerabilities

The following proof-of-concept and exploit are available:

• /data/vulnerabilities/exploits/52560.rb
• /data/vulnerabilities/exploits/52560.html

Dell Webcam Center 'CrazyTalk4Native.dll' ActiveX Multiple Buffer Overflow Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Dell Webcam Center 'CrazyTalk4Native.dll' ActiveX Multiple Buffer Overflow Vulnerabilities

References:

• CrazyTalk Homepage (Reallusion )
  
• Dell Webcam Center Homepage (Dell )
  
• Dell Webcam Software Bundled ActiveX Control CrazyTalk4Native.dll sprintf Remote (rgod)
  
• rgod proof of concept (rgod)
  
• Dell Webcam Software Bundled ActiveX Control CrazyTalk4Native.dll sprintf Remote ([email protected] )