ID: CVE-2009-1567
Type: cve
Reporter: NVD
Modified: 2018-10-10T15:37:18
Description
Multiple stack-based buffer overflows in the Lateral Arts Photobox uploader ActiveX control 1.x before 1.3, and 2.2.0.6, allow remote attackers to execute arbitrary code via a long URL string for the (1) LogURL, (2) ConnectURL, (3) SkinURL, (4) AlbumCreateURL, (5) ErrorURL, or (6) httpsinglehost property value.
securityvulns

Title: Secunia Research: Lateral Arts Photobox uploader ActiveX Control Buffer Overflow
ID: SECURITYVULNS:DOC:22860
Type: securityvulns
Bulletin family: software
Published: 2009-12-02T00:00:00
Modified: 2009-12-02T00:00:00
Last seen: 2018-08-31T11:10:32
CVSS: 9.3 (AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/)
Link: https://vulners.com/securityvulns/SECURITYVULNS:DOC:22860

======================================================================

 Secunia Research 02/12/2009

 - Lateral Arts uploader ActiveX Control Buffer Overflow -

======================================================================
Table of Contents

Affected Software
Severity
Description of Vulnerability
Solution
Time Table
Credits
References
About Secunia
Verification

======================================================================
1) Affected Software

* Lateral Arts Photobox uploader ActiveX Control 2.2.0.6

NOTE: Other versions may also be affected.

======================================================================
2) Severity

Rating: Highly critical
Impact: System compromise
Where: Remote

======================================================================
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in Lateral Arts
Photobox uploader ActiveX Control, which can be exploited by
malicious people to compromise a user's system.

The vulnerability is caused by a boundary error when parsing URLs.
This can be exploited to cause a stack-based buffer overflow via an
overly long string assigned to a number of properties (e.g. "LogURL",
"ConnectURL", "SkinURL", "AlbumCreateURL", "ErrorURL", and
"httpsinglehost").

Successful exploitation allows execution of arbitrary code when a
user e.g. visits a malicious website.

The vulnerability is confirmed in version 2.2.0.6. Other versions may
also be affected.

======================================================================
4) Solution

According to the vendor (Lateral Arts), the vulnerability is fixed
in version 1.3 of the upstream version.

No fixed version is available for the Photobox 2.x branch.

======================================================================
5) Time Table

02/11/2009 - Vendor (Lateral Arts) notified.
02/11/2009 - Vendor response.
11/11/2009 - Status update requested.
11/11/2009 - Vendor response (customers contacted).
18/11/2009 - Status update requested.
18/11/2009 - Vendor response.
25/11/2009 - Disclosure postponed.
30/11/2009 - Vendor provides status update.
02/12/2009 - Public disclosure.

======================================================================
6) Credits

Discovered by Carsten Eiram, Secunia Research.

======================================================================
7) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2009-1567 for the vulnerability.

======================================================================
8) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

======================================================================
9) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2009-41/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================

kaspersky

Title: KLA10241 ACE vulnerability in Lateral Arts Photobox Uploader
ID: KLA10241
Type: kaspersky
Bulletin family: info
Published: 2009-12-03T00:00:00
Modified: 2019-02-15T00:00:00
Last seen: 2019-02-19T17:02:25
CVSS: 9.3 (AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/)
Link: https://threats.kaspersky.com/en/vulnerability/KLA10241

### *Detect date*:
12/03/2009

### *Severity*:
Critical

### *Description*:
A buffer overflow was found in LA Photobox Uploader. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed URL.

### *Affected products*:
Lateral Arts Photobox Uploader 1 versions 1.2 and earlier
Lateral Arts Photobox Uploader 2 version 2.2.0.6

### *Solution*:
Update to latest version

### *Original advisories*:
[Juniper description](<http://junipercloud.net/security/auto/vulnerabilities/vuln37187.html>)

### *Impacts*:
ACE

### *Related products*:
[Photobox Uploader ActiveX Control](<https://threats.kaspersky.com/en/product/Photobox-Uploader-ActiveX-Control/>)

### *CVE-IDS*:
[CVE-2009-1567](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1567>)