E-Book Systems FlipViewer FlipViewerX.DLL ActiveX Multiple Buffer Overflow Vulnerabilities
CLASS: Boundary Condition Error
CVE: CVE-2007-2919
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 05 2007 12:00AM
UPDATE: Jun 05 2007 12:00AM
CREDIT: Will Dormann is credited with the discovery of these vulnerabilities.
VULNERABLE:
E-Book Systems FlipViewer 4.0
NOT VULNERABLE:
E-Book Systems FlipViewer 4.1
Discussion
E-Book Systems FlipViewer ActiveX Control is prone to multiple buffer-overflow vulnerabilities.
Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
E-Book Systems FlipViewer versions prior to 4.0 are vulnerable; other versions may also be affected.
Exploit
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at vuldb@securityfocus.com.
Solution
The vendor has released version 4.1 to address this issue; please see the reference section for details.
E-Book Systems FlipViewer 4.0
- E-Book Systems fv410.exe
http://www.flipviewer.com/exe/fv410.exe
References
- E-Book Systems FlipViewer ActiveX control stack buffer overflows (US-CERT)
- FlipViewer Web Site (FlipViewer)
- Microsoft Knowledge Base article 240797 (Microsoft)