ASUS Net4Switch ipswcom.dll ActiveX Control Buffer Overflow

2012-03-19T00:00:00
ID SAINT:36EA16C47E45D4FE305ACD69022E5E0C
Type saint
Reporter SAINT Corporation
Modified 2012-03-19T00:00:00

Description

Added: 03/19/2012
BID: 52110
OSVDB: 79438

Background

Asus manufactures computers, peripherals, computer components and network switches.

Problem

The Asus Net4Switch **ipswcom.dll** ActiveX component is vulnerable to buffer overflow as a result of failure to perform adequate boundary checks on user-supplied input.

Resolution

Contact the vendor.

References

<http://dsecrg.com/pages/vul/show.php?id=417>

Limitations

The exploit page must be opened using Internet Explorer 7 on the target.

This exploit has been tested on ASUS Net4Switch 1.0.0020 on Windows XP SP3 English (DEP OptIn) and Windows Vista SP2 (DEP OptIn).

Platforms

Windows