Zoomify Viewer ActiveX Control Multiple Buffer Overflow Vulnerabilities
TITLE: Zoomify Viewer ActiveX Control Multiple Buffer Overflow Vulnerabilities
CLASS: Boundary Condition Error
CVE: CVE-2007-2920
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 11 2007 12:00AM
UPDATE: Jun 12 2007 04:59PM
CREDIT: Will Dormann reported this vulnerability.
VULNERABLE:
Zoomify Zoomify Viewer ActiveX Control 0NOT VULNERABLE:
Vai alla pagina originale su Security Focus
Discussion
Zoomify Viewer ActiveX control is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Successfully exploiting these issues allow remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
Exploit
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.
Solution
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.
References
References:
- Microsoft Knowledge Base article 240797 (Microsoft)
- ZoomifyHomepage (Zoomify)
- Vulnerability Note VU#174177 Zoomify Viewer ActiveX control multiple stack buffe (US-CERT)