SafeNet PrivAgent.ocx ActiveX control ChooseFilePath buffer overflow

2012-11-16T00:00:00
ID SAINT:7A3411E622C4B21D2D8D7553CD1D55F7
Type saint
Reporter SAINT Corporation
Modified 2012-11-16T00:00:00

Description

Added: 11/16/2012
BID: 56297
OSVDB: 86723

Background

SafeNet Hardware Against Software Piracy (HASP) solutions include the PrivAgent.ocx ActiveX control.

Problem

A buffer overflow vulnerability in the ChooseFilePath method of the PrivAgent.ocx ActiveX control allows command execution when a user opens a specially crafted file.

Resolution

Set the kill bit for Class ID 09F68A41-2FBE-11D3-8C9D-0008C7D901B6 as described in Microsoft Knowledge Base Article 240797.
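
One way to apply and verify the kill bit above from PowerShell, as an added example that is not part of the original advisory. It assumes an elevated prompt and the standard "ActiveX Compatibility" registry location and 0x400 "Compatibility Flags" value documented in KB 240797; the helper name Set-KillBit is hypothetical.

```powershell
# Added example (not from the SAINT advisory). Run from an elevated PowerShell prompt.
$Clsid   = '{09F68A41-2FBE-11D3-8C9D-0008C7D901B6}'  # Class ID from the Resolution section
$KillBit = 0x00000400                                 # kill-bit value for "Compatibility Flags"
$Base    = 'Microsoft\Internet Explorer\ActiveX Compatibility'

# Native registry view, plus the 32-bit view that 32-bit Internet Explorer reads on 64-bit Windows.
$Roots = @("HKLM:\SOFTWARE\$Base")
if (Test-Path -LiteralPath 'HKLM:\SOFTWARE\Wow6432Node') {
    $Roots += "HKLM:\SOFTWARE\Wow6432Node\$Base"
}

# Set-KillBit is a hypothetical helper name used only in this example.
function Set-KillBit {
    param([string]$Root, [string]$Clsid, [int]$Flag)
    $key = "$Root\$Clsid"
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    # Keep any compatibility flags already set on the control and OR in the kill bit.
    $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    $current = if ($prop) { [int]$prop.'Compatibility Flags' } else { 0 }
    $new = $current -bor $Flag
    New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -PropertyType DWord -Value $new -Force | Out-Null
    return $new
}

foreach ($root in $Roots) {
    $null = Set-KillBit -Root $root -Clsid $Clsid -Flag $KillBit
    # Read the value back so the result can be checked or logged.
    $check = (Get-ItemProperty -LiteralPath "$root\$Clsid").'Compatibility Flags'
    $state = if (($check -band $KillBit) -eq $KillBit) { 'kill bit set' } else { 'kill bit NOT set' }
    '{0}\{1}: 0x{2:X8} ({3})' -f $root, $Clsid, $check, $state
}
```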

References

<http://www.exploit-db.com/exploits/22258/>

Limitations

The exploit works on SafeNet Privilege SCP 5.0 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn), and requires a user to open the exploit page in Internet Explorer 8 or 9.

JRE 1.6.x must be installed on Windows 7 targets.

Platforms

Windows