Search...

CVE-2009-1567

2009-12-03T17:30:00

ID CVE-2009-1567
Type cve
Reporter cve@mitre.org
Modified 2018-10-10T19:37:00

Description

Multiple stack-based buffer overflows in the Lateral Arts Photobox uploader ActiveX control 1.x before 1.3, and 2.2.0.6, allow remote attackers to execute arbitrary code via a long URL string for the (1) LogURL, (2) ConnectURL, (3) SkinURL, (4) AlbumCreateURL, (5) ErrorURL, or (6) httpsinglehost property value.

JSON Vulners Source

Initial Source

{"id": "CVE-2009-1567", "bulletinFamily": "NVD", "title": "CVE-2009-1567", "description": "Multiple stack-based buffer overflows in the Lateral Arts Photobox uploader ActiveX control 1.x before 1.3, and 2.2.0.6, allow remote attackers to execute arbitrary code via a long URL string for the (1) LogURL, (2) ConnectURL, (3) SkinURL, (4) AlbumCreateURL, (5) ErrorURL, or (6) httpsinglehost property value.", "published": "2009-12-03T17:30:00", "modified": "2018-10-10T19:37:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1567", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/37187", "http://www.vupen.com/english/advisories/2009/3377", "http://secunia.com/advisories/37492", "http://www.vupen.com/english/advisories/2009/3376", "http://secunia.com/secunia_research/2009-41/", "http://secunia.com/advisories/37138", "http://www.securityfocus.com/archive/1/508169/100/0/threaded"], "cvelist": ["CVE-2009-1567"], "type": "cve", "lastseen": "2019-05-29T18:09:58", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "5ac9df8d245782845013668779fa7438"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "9056605927dd26b05194df6fd8f732de"}, {"key": "cpe23", "hash": "41d7e727362efd612c47293cd1ab3d97"}, {"key": "cvelist", "hash": "28787b4d8a4a4cf14406db6e4621519a"}, {"key": "cvss", "hash": "d726e774add6189e33cf2ea0c61a2ba5"}, {"key": "cvss2", "hash": "ce5208699795f3a205feddd180907041"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "bb61a0949f8c36262500079f243672e2"}, {"key": "description", "hash": "8e5415469ac4af850581ff8312731298"}, {"key": "href", "hash": "ae587eec897b79324d7ef9db697d814b"}, {"key": "modified", "hash": "1ca428fc3af04d899761c85377943804"}, {"key": "published", "hash": "3d89f0634f00360bf491df2dc955eaef"}, {"key": "references", "hash": "ecf270df9c712ee0eaf00bf927165e9b"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "8ca152c81d475f37973e2c8735ebf344"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "6916eeb0fca7b41a2d1b244cec9f405c20f24e3a026f4673e1e4ff77aaa7e96b", "viewCount": 0, "enchantments": {"score": {"value": 7.6, "vector": "NONE", "modified": "2019-05-29T18:09:58"}, "dependencies": {"references": [{"type": "kaspersky", "idList": ["KLA10241"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22860"]}], "modified": "2019-05-29T18:09:58"}, "vulnersScore": 7.6}, "objectVersion": "1.3", "cpe": ["cpe:/a:larts:uploader_activex_control:2.2.0.6"], "affectedSoftware": [{"name": "larts uploader_activex_control", "operator": "eq", "version": "2.2.0.6"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {}, "cpe23": ["cpe:2.3:a:larts:uploader_activex_control:2.2.0.6:*:*:*:*:*:*:*"], "cwe": ["CWE-119"]}

{"kaspersky": [{"lastseen": "2019-03-21T00:14:58", "bulletinFamily": "info", "description": "### *Detect date*:\n12/03/2009\n\n### *Severity*:\nCritical\n\n### *Description*:\nA buffer overflow was found in LA Photobox Uploader. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed URL.\n\n### *Affected products*:\nLateral Arts Photobox Uploader 1 versions 1.2 and earlier \nLateral Arts Photobox Uploader 2 version 2.2.0.6\n\n### *Solution*:\nUpdate to latest version\n\n### *Original advisories*:\n[Juniper description](<http://junipercloud.net/security/auto/vulnerabilities/vuln37187.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Photobox Uploader ActiveX Control](<https://threats.kaspersky.com/en/product/Photobox-Uploader-ActiveX-Control/>)\n\n### *CVE-IDS*:\n[CVE-2009-1567](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1567>)9.3Critical", "modified": "2019-03-07T00:00:00", "published": "2009-12-03T00:00:00", "id": "KLA10241", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10241", "title": "\r KLA10241ACE vulnerability in Lateral Arts Photobox Uploader ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "description": "====================================================================== \r\n\r\n Secunia Research 02/12/2009\r\n\r\n - Lateral Arts uploader ActiveX Control Buffer Overflow -\r\n\r\n====================================================================== \r\nTable of Contents\r\n\r\nAffected Software....................................................1\r\nSeverity.............................................................2\r\nDescription of Vulnerability.........................................3\r\nSolution.............................................................4\r\nTime Table...........................................................5\r\nCredits..............................................................6\r\nReferences...........................................................7\r\nAbout Secunia........................................................8\r\nVerification.........................................................9\r\n\r\n====================================================================== \r\n1) Affected Software \r\n\r\n* Lateral Arts Photobox uploader ActiveX Control 2.2.0.6\r\n\r\nNOTE: Other versions may also be affected.\r\n\r\n====================================================================== \r\n2) Severity \r\n\r\nRating: Highly critical\r\nImpact: System compromise\r\nWhere: Remote\r\n\r\n====================================================================== \r\n3) Description of Vulnerability\r\n\r\nSecunia Research has discovered a vulnerability in Lateral Arts \r\nPhotobox uploader ActiveX Control, which can be exploited by \r\nmalicious people to compromise a user's system.\r\n\r\nThe vulnerability is caused by a boundary error when parsing URLs. \r\nThis can be exploited to cause a stack-based buffer overflow via an \r\noverly long string assigned to a number of properties (e.g. "LogURL",\r\n"ConnectURL", "SkinURL", "AlbumCreateURL", "ErrorURL", and \r\n"httpsinglehost").\r\n\r\nSuccessful exploitation allows execution of arbitrary code when a \r\nuser e.g. visits a malicious website.\r\n\r\nThe vulnerability is confirmed in version 2.2.0.6. Other versions may \r\nalso be affected.\r\n\r\n====================================================================== \r\n4) Solution \r\n\r\nAccording to the vendor (Lateral Arts), the vulnerability is fixed\r\nin version 1.3 of the upstream version.\r\n\r\nNo fixed version is available for the Photobox 2.x branch.\r\n\r\n====================================================================== \r\n5) Time Table \r\n\r\n02/11/2009 - Vendor (Lateral Arts) notified.\r\n02/11/2009 - Vendor response.\r\n11/11/2009 - Status update requested.\r\n11/11/2009 - Vendor response (customers contacted).\r\n18/11/2009 - Status update requested.\r\n18/11/2009 - Vendor response.\r\n25/11/2009 - Disclosure postponed.\r\n30/11/2009 - Vendor provides status update.\r\n02/12/2009 - Public disclosure.\r\n\r\n====================================================================== \r\n6) Credits \r\n\r\nDiscovered by Carsten Eiram, Secunia Research.\r\n\r\n====================================================================== \r\n7) References\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned \r\nCVE-2009-1567 for the vulnerability.\r\n\r\n====================================================================== \r\n8) About Secunia\r\n\r\nSecunia offers vulnerability management solutions to corporate\r\ncustomers with verified and reliable vulnerability intelligence\r\nrelevant to their specific system configuration:\r\n\r\nhttp://secunia.com/advisories/business_solutions/\r\n\r\nSecunia also provides a publicly accessible and comprehensive advisory\r\ndatabase as a service to the security community and private \r\nindividuals, who are interested in or concerned about IT-security.\r\n\r\nhttp://secunia.com/advisories/\r\n\r\nSecunia believes that it is important to support the community and to\r\ndo active vulnerability research in order to aid improving the \r\nsecurity and reliability of software in general:\r\n\r\nhttp://secunia.com/secunia_research/\r\n\r\nSecunia regularly hires new skilled team members. Check the URL below\r\nto see currently vacant positions:\r\n\r\nhttp://secunia.com/corporate/jobs/\r\n\r\nSecunia offers a FREE mailing list called Secunia Security Advisories:\r\n\r\nhttp://secunia.com/advisories/mailing_lists/\r\n\r\n====================================================================== \r\n9) Verification \r\n\r\nPlease verify this advisory by visiting the Secunia website:\r\nhttp://secunia.com/secunia_research/2009-41/\r\n\r\nComplete list of vulnerability reports published by Secunia Research:\r\nhttp://secunia.com/secunia_research/\r\n\r\n======================================================================", "modified": "2009-12-02T00:00:00", "published": "2009-12-02T00:00:00", "id": "SECURITYVULNS:DOC:22860", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22860", "title": "Secunia Research: Lateral Arts Photobox uploader ActiveX Control Buffer Overflow", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}