EMC Captiva QuickScan Pro KeyHelp ActiveX Control JumpURL buffer overflow

2009-10-02T00:00:00
ID SAINT:20D1115C1CDB3DAE022CC54FFC2D5AEE
Type saint
Reporter SAINT Corporation
Modified 2009-10-02T00:00:00

Description

Added: 10/02/2009
BID: 36546
OSVDB: 58423

Background

EMC Captiva QuickScan Pro is a document capture solution. It includes KeyHelp, a free ActiveX control used for enhancing HTML help systems.

Problem

A buffer overflow vulnerability in the KeyHelp ActiveX Control allows command execution when a user loads a web page that calls the JumpURL method with specially crafted arguments.

Resolution

Set the kill bit for Class ID {B7ECFD41-BE62-11D2-B9A8-00104B138C8C} as described in Microsoft Knowledge Base Article 240797.
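
One way to apply and verify the kill bit named above, as an added example that is not from SAINT, EMC or Microsoft. It assumes the `ActiveX Compatibility` registry location and the `0x400` flag value documented in KB 240797, and also covers the WOW6432Node view read by 32-bit Internet Explorer on 64-bit Windows; the function names are hypothetical.

```powershell
# Added example: set and verify the Internet Explorer kill bit for the KeyHelp control.
# Run elevated; on 64-bit Windows use the 64-bit PowerShell host so that
# HKLM:\SOFTWARE is not redirected to the 32-bit view.
$Clsid   = '{B7ECFD41-BE62-11D2-B9A8-00104B138C8C}'   # Class ID from the advisory
$Name    = 'Compatibility Flags'
$KillBit = 0x00000400                                  # kill bit value per KB 240797

# Native hive, plus the 32-bit view when it exists.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path -LiteralPath 'HKLM:\SOFTWARE\WOW6432Node') {
    $Roots += 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Get-CompatFlags {
    param([string]$Key)
    # Returns the current DWORD, or 0 when the key or value is absent.
    $prop = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 0 }
    return $prop.$Name
}

function Set-KillBit {
    param([string]$Root)
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    # OR the kill bit into any flags already present instead of overwriting them.
    $new = (Get-CompatFlags $key) -bor $KillBit
    New-ItemProperty -LiteralPath $key -Name $Name -PropertyType DWord -Value $new -Force | Out-Null
}

function Test-KillBit {
    param([string]$Root)
    $flags = Get-CompatFlags (Join-Path $Root $Clsid)
    New-Object PSObject -Property @{
        Root       = $Root
        Flags      = ('0x{0:X8}' -f $flags)
        KillBitSet = (($flags -band $KillBit) -eq $KillBit)
    }
}

foreach ($root in $Roots) { Set-KillBit -Root $root }

# Report every view; any row with KillBitSet = False still lets IE load the control.
$Roots | ForEach-Object { Test-KillBit -Root $_ } | Format-Table Root, Flags, KillBitSet -AutoSize
```

Running only the `Test-KillBit` loop gives a read-only audit that can be used to confirm the setting across hosts.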

References

<http://secunia.com/advisories/36914/>
<http://secunia.com/advisories/36905/>

Limitations

The exploit works on EMC Captiva QuickScan Pro 4.6 SP1 and requires a user to open the exploit page in Internet Explorer 6 or 7.

Platforms

Windows