Lucene search
SAINT CorporationSAINT:25041479E7D3944631E9BAB1B0D891B8HistoryNov 21, 2008 - 12:00 a.m.
LPViewer ActiveX Control url property buffer overflow
2008-11-2100:00:00
SAINT Corporation
download.saintcorporation.com
13
0.611 Medium
EPSS
Percentile
97.8%
Added: 11/21/2008
CVE: CVE-2008-4384
BID: 31604
OSVDB: 48946
Background
The LPViewer ActiveX Control installs with the iseemedia ZOOM control viewer and allows viewing of images created with iseemedia software.
Problem
A buffer overflow vulnerability allows command execution when a user opens a web page which runs the LPViewer ActiveX Control with a long, specially crafted url property.
Resolution
Set the kill bit for Class ID 3F0EECCE-E138-11D1-8712-0060083D83F5 as described in Microsoft knowledge base article 240797.
References
<http://www.kb.cert.org/vuls/id/848873>
Limitations
Exploit works on iseemedia Browser Plugin Viewer 3.6 and requires a user to open the exploit file in Internet Explorer.
Platforms
Windows
Related
packetstorm
packetstorm
iseemedia / Roxio / MGI Software LPViewer ActiveX Control Buffer Overflow
2009-11-26 00:00:00
cert
cert
saint
saint
LPViewer ActiveX Control url property buffer overflow
2008-11-21 00:00:00
LPViewer ActiveX Control url property buffer overflow
2008-11-21 00:00:00
LPViewer ActiveX Control url property buffer overflow
2008-11-21 00:00:00
prion
prion
Stack overflow
2008-10-07 20:00:00
nvd
nvd
CVE-2008-4384
2008-10-07 20:00:17
seebug
seebug
iseemedia 'LPControl.dll' LPViewer ActiveX控件多个缓冲区溢出漏洞
2008-10-08 00:00:00
cve
cve
CVE-2008-4384
2008-10-07 20:00:17
nessus
nessus
LPViewer ActiveX Control Multiple Buffer Overflow Vulnerabilities
2008-10-22 00:00:00
checkpoint_advisories
checkpoint_advisories
iseemedia LPViewer ActiveX Control Multiple Buffer Overflows (CVE-2008-4384)
2008-11-18 00:00:00
cvelist
cvelist
CVE-2008-4384
2008-10-07 18:27:00