Search...

CVE-2009-1567

2009-12-03T12:30:00

ID CVE-2009-1567
Type cve
Reporter NVD
Modified 2018-10-10T15:37:18

Description

Multiple stack-based buffer overflows in the Lateral Arts Photobox uploader ActiveX control 1.x before 1.3, and 2.2.0.6, allow remote attackers to execute arbitrary code via a long URL string for the (1) LogURL, (2) ConnectURL, (3) SkinURL, (4) AlbumCreateURL, (5) ErrorURL, or (6) httpsinglehost property value.

JSON Vulners Source

Initial Source

{"id": "CVE-2009-1567", "bulletinFamily": "NVD", "title": "CVE-2009-1567", "description": "Multiple stack-based buffer overflows in the Lateral Arts Photobox uploader ActiveX control 1.x before 1.3, and 2.2.0.6, allow remote attackers to execute arbitrary code via a long URL string for the (1) LogURL, (2) ConnectURL, (3) SkinURL, (4) AlbumCreateURL, (5) ErrorURL, or (6) httpsinglehost property value.", "published": "2009-12-03T12:30:00", "modified": "2018-10-10T15:37:18", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1567", "reporter": "NVD", "references": ["http://www.securityfocus.com/bid/37187", "http://www.vupen.com/english/advisories/2009/3377", "http://www.vupen.com/english/advisories/2009/3376", "http://www.securityfocus.com/archive/1/508169/100/0/threaded"], "cvelist": ["CVE-2009-1567"], "type": "cve", "lastseen": "2018-10-11T11:33:53", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:larts:uploader_activex_control:2.2.0.6"], "cvelist": ["CVE-2009-1567"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Multiple stack-based buffer overflows in the Lateral Arts Photobox uploader ActiveX control 1.x before 1.3, and 2.2.0.6, allow remote attackers to execute arbitrary code via a long URL string for the (1) LogURL, (2) ConnectURL, (3) SkinURL, (4) AlbumCreateURL, (5) ErrorURL, or (6) httpsinglehost property value.", "edition": 1, "enchantments": {"score": {"modified": "2016-09-03T12:22:18", "value": 9.3, "vector": "NONE"}}, "hash": "527450105906eab1656986b41cdf37c6c95f6c461e301b593f1f68e154687a0c", "hashmap": [{"hash": "df23c7c03eaff9ae8795beaa1ce6fdde", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "8e5415469ac4af850581ff8312731298", "key": "description"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "1fbf9c6f042d2f04c24565c4c318018d", "key": "published"}, {"hash": "9056605927dd26b05194df6fd8f732de", "key": "cpe"}, {"hash": "ae587eec897b79324d7ef9db697d814b", "key": "href"}, {"hash": "28787b4d8a4a4cf14406db6e4621519a", "key": "cvelist"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "8ca152c81d475f37973e2c8735ebf344", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "34e38c137a969670226bd5e8c98c4e54", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1567", "id": "CVE-2009-1567", "lastseen": "2016-09-03T12:22:18", "modified": "2009-12-07T00:00:00", "objectVersion": "1.2", "published": "2009-12-03T12:30:00", "references": ["http://www.securityfocus.com/bid/37187", "http://www.vupen.com/english/advisories/2009/3377", "http://www.securityfocus.com/archive/1/archive/1/508169/100/0/threaded", "http://www.vupen.com/english/advisories/2009/3376"], "reporter": "NVD", "scanner": [], "title": "CVE-2009-1567", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T12:22:18"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "9056605927dd26b05194df6fd8f732de"}, {"key": "cvelist", "hash": "28787b4d8a4a4cf14406db6e4621519a"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "8e5415469ac4af850581ff8312731298"}, {"key": "href", "hash": "ae587eec897b79324d7ef9db697d814b"}, {"key": "modified", "hash": "bedd3a61f36fdd71590b372e2b6102c7"}, {"key": "published", "hash": "1fbf9c6f042d2f04c24565c4c318018d"}, {"key": "references", "hash": "fb7fc2f9117e68fcf284c1e2e6850f68"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "8ca152c81d475f37973e2c8735ebf344"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "f8dddfdb67d354a9c1bcdd3fc1bdc28222f3c503afadc07abdfb0930452d0c4c", "viewCount": 0, "enchantments": {"score": {"value": 9.3, "vector": "NONE", "modified": "2018-10-11T11:33:53"}, "dependencies": {"references": [{"type": "kaspersky", "idList": ["KLA10241"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22860"]}], "modified": "2018-10-11T11:33:53"}, "vulnersScore": 9.3}, "objectVersion": "1.3", "cpe": ["cpe:/a:larts:uploader_activex_control:2.2.0.6"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"securityvulns": [{"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "description": "====================================================================== \r\n\r\n Secunia Research 02/12/2009\r\n\r\n - Lateral Arts uploader ActiveX Control Buffer Overflow -\r\n\r\n====================================================================== \r\nTable of Contents\r\n\r\nAffected Software....................................................1\r\nSeverity.............................................................2\r\nDescription of Vulnerability.........................................3\r\nSolution.............................................................4\r\nTime Table...........................................................5\r\nCredits..............................................................6\r\nReferences...........................................................7\r\nAbout Secunia........................................................8\r\nVerification.........................................................9\r\n\r\n====================================================================== \r\n1) Affected Software \r\n\r\n* Lateral Arts Photobox uploader ActiveX Control 2.2.0.6\r\n\r\nNOTE: Other versions may also be affected.\r\n\r\n====================================================================== \r\n2) Severity \r\n\r\nRating: Highly critical\r\nImpact: System compromise\r\nWhere: Remote\r\n\r\n====================================================================== \r\n3) Description of Vulnerability\r\n\r\nSecunia Research has discovered a vulnerability in Lateral Arts \r\nPhotobox uploader ActiveX Control, which can be exploited by \r\nmalicious people to compromise a user's system.\r\n\r\nThe vulnerability is caused by a boundary error when parsing URLs. \r\nThis can be exploited to cause a stack-based buffer overflow via an \r\noverly long string assigned to a number of properties (e.g. "LogURL",\r\n"ConnectURL", "SkinURL", "AlbumCreateURL", "ErrorURL", and \r\n"httpsinglehost").\r\n\r\nSuccessful exploitation allows execution of arbitrary code when a \r\nuser e.g. visits a malicious website.\r\n\r\nThe vulnerability is confirmed in version 2.2.0.6. Other versions may \r\nalso be affected.\r\n\r\n====================================================================== \r\n4) Solution \r\n\r\nAccording to the vendor (Lateral Arts), the vulnerability is fixed\r\nin version 1.3 of the upstream version.\r\n\r\nNo fixed version is available for the Photobox 2.x branch.\r\n\r\n====================================================================== \r\n5) Time Table \r\n\r\n02/11/2009 - Vendor (Lateral Arts) notified.\r\n02/11/2009 - Vendor response.\r\n11/11/2009 - Status update requested.\r\n11/11/2009 - Vendor response (customers contacted).\r\n18/11/2009 - Status update requested.\r\n18/11/2009 - Vendor response.\r\n25/11/2009 - Disclosure postponed.\r\n30/11/2009 - Vendor provides status update.\r\n02/12/2009 - Public disclosure.\r\n\r\n====================================================================== \r\n6) Credits \r\n\r\nDiscovered by Carsten Eiram, Secunia Research.\r\n\r\n====================================================================== \r\n7) References\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned \r\nCVE-2009-1567 for the vulnerability.\r\n\r\n====================================================================== \r\n8) About Secunia\r\n\r\nSecunia offers vulnerability management solutions to corporate\r\ncustomers with verified and reliable vulnerability intelligence\r\nrelevant to their specific system configuration:\r\n\r\nhttp://secunia.com/advisories/business_solutions/\r\n\r\nSecunia also provides a publicly accessible and comprehensive advisory\r\ndatabase as a service to the security community and private \r\nindividuals, who are interested in or concerned about IT-security.\r\n\r\nhttp://secunia.com/advisories/\r\n\r\nSecunia believes that it is important to support the community and to\r\ndo active vulnerability research in order to aid improving the \r\nsecurity and reliability of software in general:\r\n\r\nhttp://secunia.com/secunia_research/\r\n\r\nSecunia regularly hires new skilled team members. Check the URL below\r\nto see currently vacant positions:\r\n\r\nhttp://secunia.com/corporate/jobs/\r\n\r\nSecunia offers a FREE mailing list called Secunia Security Advisories:\r\n\r\nhttp://secunia.com/advisories/mailing_lists/\r\n\r\n====================================================================== \r\n9) Verification \r\n\r\nPlease verify this advisory by visiting the Secunia website:\r\nhttp://secunia.com/secunia_research/2009-41/\r\n\r\nComplete list of vulnerability reports published by Secunia Research:\r\nhttp://secunia.com/secunia_research/\r\n\r\n======================================================================", "modified": "2009-12-02T00:00:00", "published": "2009-12-02T00:00:00", "id": "SECURITYVULNS:DOC:22860", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22860", "title": "Secunia Research: Lateral Arts Photobox uploader ActiveX Control Buffer Overflow", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2019-02-19T17:02:25", "bulletinFamily": "info", "description": "### *Detect date*:\n12/03/2009\n\n### *Severity*:\nCritical\n\n### *Description*:\nA buffer overflow was found in LA Photobox Uploader. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed URL.\n\n### *Affected products*:\nLateral Arts Photobox Uploader 1 versions 1.2 and earlier \nLateral Arts Photobox Uploader 2 version 2.2.0.6\n\n### *Solution*:\nUpdate to latest version\n\n### *Original advisories*:\n[Juniper description](<http://junipercloud.net/security/auto/vulnerabilities/vuln37187.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Photobox Uploader ActiveX Control](<https://threats.kaspersky.com/en/product/Photobox-Uploader-ActiveX-Control/>)\n\n### *CVE-IDS*:\n[CVE-2009-1567](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1567>)", "modified": "2019-02-15T00:00:00", "published": "2009-12-03T00:00:00", "id": "KLA10241", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10241", "title": "\r KLA10241ACE vulnerability in Lateral Arts Photobox Uploader ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}