SAINT Corporation, SAINT:25041479E7D3944631E9BAB1B0D891B8
Nov 21, 2008 - 12:00 a.m.

LPViewer ActiveX Control url property buffer overflow

download.saintcorporation.com

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.611 Medium
Percentile: 97.8%

Added: 11/21/2008
CVE: CVE-2008-4384
BID: 31604
OSVDB: 48946

Background

The LPViewer ActiveX Control installs with the iseemedia ZOOM control viewer and allows viewing of images created with iseemedia software.

Problem

A buffer overflow vulnerability allows command execution when a user opens a web page which runs the LPViewer ActiveX Control with a long, specially crafted url property.

Resolution

Set the kill bit for Class ID 3F0EECCE-E138-11D1-8712-0060083D83F5 as described in Microsoft knowledge base article 240797.
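
The following is an added example, not part of the SAINT advisory: a PowerShell script that audits and, if needed, sets the kill bit for the Class ID above in both the native and 32-bit registry views. The registry location and the 0x400 flag follow Microsoft knowledge base article 240797; the script's parameter names (Clsid, AuditOnly) are this example's own, and it must be run from an elevated prompt to write to HKLM.

```powershell
# Added example: audit / set the Internet Explorer kill bit for the LPViewer control.
# CLSID comes from the advisory; key path and flag value come from Microsoft KB 240797.
# Parameter names below are hypothetical, chosen for this example.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Clsid = '{3F0EECCE-E138-11D1-8712-0060083D83F5}',
    [switch]$AuditOnly   # report current state without changing the registry
)

$KillBit   = 0x400                 # flag that stops IE from instantiating the control
$ValueName = 'Compatibility Flags'

# 64-bit Windows keeps a separate view for 32-bit Internet Explorer; cover both.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path (Split-Path $_ -Parent) }

foreach ($root in $roots) {
    $key     = Join-Path $root $Clsid
    $current = 0
    if (Test-Path $key) {
        $prop = Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue
        if ($prop) { $current = [int]$prop.$ValueName }
    }
    $isSet = ($current -band $KillBit) -eq $KillBit

    if (-not $isSet -and -not $AuditOnly -and $PSCmdlet.ShouldProcess($key, 'Set kill bit')) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # OR the bit in so any other compatibility flags already present are preserved.
        $current = $current -bor $KillBit
        New-ItemProperty -Path $key -Name $ValueName -Value $current `
            -PropertyType DWord -Force | Out-Null
        $isSet = $true
    }

    # One result object per registry view, suitable for piping to Export-Csv.
    [pscustomobject]@{
        Key        = $key
        Flags      = '0x{0:X8}' -f $current
        KillBitSet = $isSet
    }
}
```

Running it with -AuditOnly across a fleet gives a per-host record of which registry views still allow the control to load.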

References

<http://www.kb.cert.org/vuls/id/848873>

Limitations

Exploit works on iseemedia Browser Plugin Viewer 3.6 and requires a user to open the exploit file in Internet Explorer.

Platforms

Windows
