SAINT CorporationSAINT:25041479E7D3944631E9BAB1B0D891B8LPViewer ActiveX Control url property buffer overflow
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.611 Medium
EPSS
Percentile
97.8%
Added: 11/21/2008
CVE: CVE-2008-4384
BID: 31604
OSVDB: 48946
Background
The LPViewer ActiveX Control installs with the iseemedia ZOOM control viewer and allows viewing of images created with iseemedia software.
Problem
A buffer overflow vulnerability allows command execution when a user opens a web page which runs the LPViewer ActiveX Control with a long, specially crafted url property.
Resolution
Set the kill bit for Class ID 3F0EECCE-E138-11D1-8712-0060083D83F5 as described in Microsoft knowledge base article 240797.
References
<http://www.kb.cert.org/vuls/id/848873>
Limitations
Exploit works on iseemedia Browser Plugin Viewer 3.6 and requires a user to open the exploit file in Internet Explorer.
Platforms
Windows
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.611 Medium
EPSS
Percentile
97.8%