Corel ActiveCGM Browser ActiveX Control Multiple Buffer Overflow Vulnerabilities
TITLE: Corel ActiveCGM Browser ActiveX Control Multiple Buffer Overflow Vulnerabilities
CLASS: Boundary Condition Error
CVE: CVE-2007-2921
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 09 2007 12:00AM
UPDATE: Jun 09 2007 12:00AM
CREDIT: Will Dormann is credited with the discovery of these vulnerabilities.
VULNERABLE:
Corel ActiveCGM Browser ActiveX control 7.1.4.19NOT VULNERABLE:
Vai alla pagina originale su Security Focus
Discussion
Corel ActiveCGM Browser ActiveX control is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting these issues allow remote attackers to execute arbitrary code in the context of applications that use the affected control (typically Internet Explorer).
Corel ActiveCGM Browser 7.1.4.19 is vulnerable; other versions may also be affected.
Exploit
To exploit these issues, an attacker must entice an unsuspecting user to access a malicious webpage.
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Solution
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.
References
References:
- Corel Homepage (Corel )
- Microsoft Knowledge Base article 240797 (Microsoft)
- Vulnerability Note VU#983249 (US-CERT)