Lucene search

K
saintSAINT CorporationSAINT:66112B6C7CF3B8CEB0B9B499657CAE25
HistoryNov 21, 2008 - 12:00 a.m.

LPViewer ActiveX Control url property buffer overflow

2008-11-2100:00:00
SAINT Corporation
www.saintcorporation.com
9

0.611 Medium

EPSS

Percentile

97.8%

Added: 11/21/2008
CVE: CVE-2008-4384
BID: 31604
OSVDB: 48946

Background

The LPViewer ActiveX Control installs with the iseemedia ZOOM control viewer and allows viewing of images created with iseemedia software.

Problem

A buffer overflow vulnerability allows command execution when a user opens a web page which runs the LPViewer ActiveX Control with a long, specially crafted url property.

Resolution

Set the kill bit for Class ID 3F0EECCE-E138-11D1-8712-0060083D83F5 as described in Microsoft knowledge base article 240797.

References

<http://www.kb.cert.org/vuls/id/848873&gt;

Limitations

Exploit works on iseemedia Browser Plugin Viewer 3.6 and requires a user to open the exploit file in Internet Explorer.

Platforms

Windows

0.611 Medium

EPSS

Percentile

97.8%