Authentium Command On Demand ActiveX Control - Multiple Buffer Overflow Vulnerabilities

2010-03-04T00:00:00
ID EDB-ID:33705
Type exploitdb
Reporter Nikolas Sotiriu
Modified 2010-03-04T00:00:00

Description

Authentium Command On Demand ActiveX Control Multiple Buffer Overflow Vulnerabilities. Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/38544/info

The CSS Web Installer ActiveX control in Authentium Command On Demand Online scanner is prone to multiple buffer-overflow vulnerabilities.

An attacker can exploit these issues by enticing a victim to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the context of the application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

Command On Demand CSS Web Installer ActiveX 1.4.9508.605 is vulnerable; other versions may also be affected.

Note: Reports indicate that the vendor no longer supports this product; vendor patches are not expected to be released. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/33705.zip