Gracenote CDDBControl ActiveX Control Option String Overflow

2006-06-27T08:19:01
ID OSVDB:26874
Type osvdb
Reporter Richard Smith(), Dan Plakosh(), Peter Vreugdenhil()
Modified 2006-06-27T08:19:01

Description

Vulnerability Description

A remote overflow exists in Gracenote CDDBControl ActiveX Control. The Gracenote CDDB fails to handle long option string resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.

Technical Description

Successful exploitation requires that the user is tricked into visiting a malicious website.

Solution Description

Upgrade to version 6.8 update or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in Gracenote CDDBControl ActiveX Control. The Gracenote CDDB fails to handle long option string resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1016389 Secunia Advisory ID:20861 Secunia Advisory ID:20862 Secunia Advisory ID:23043 Other Advisory URL: http://secunia.com/secunia_research/2006-69/advisory/ Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-06-019.html Mail List Post: http://attrition.org/pipermail/vim/2006-December/001173.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-12/0195.html Mail List Post: http://attrition.org/pipermail/vim/2006-December/001178.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0737.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0177.html Keyword: ZDI-06-019 ISS X-Force ID: 27416 FrSIRT Advisory: ADV-2006-2562 FrSIRT Advisory: ADV-2006-2563 CVE-2006-6442 CVE-2006-3134 CERT VU: 701121 Bugtraq ID: 18678