Dell Webcam Software ActiveX Control CrazyTalk4Native.dll Buffer Overflow

2012-03-23T00:00:00
ID SAINT:8FE3883D95A1103A80DB2D7B1104CD5F
Type saint
Reporter SAINT Corporation
Modified 2012-03-23T00:00:00

Description

Added: 03/23/2012
BID: 52571
OSVDB: 80205

Background

Dell Webcam center was written by Creative and branded by Dell. It includes features to control the Dell laptop's integrated webcam, providing photo capture and video recording capability. It comes bundled with Creative Livecam, which provides animated avatars.

Problem

The CrazyTalk ActiveX control (CrazyTalk4.ocx with CLSID 13149882-F480-4F6B-8C6A-0764F75B99ED) that comes bundled with Dell Webcam Center is vulnerable to a remote stack buffer overflow due to a failure to perform adequate boundary checks on user-supplied input via the **BackImage** property. The crazytalk4.ocx ActiveX control loads the CrazyTalk4Native.dll library and, while constructing a local file path, calls sprintf() with an insufficient size.

Resolution

The vulnerable ActiveX control may be disabled through Internet Explorer by following these Microsoft instructions. The CLSID for the vulnerable control is 13149882-F480-4F6B-8C6A-0764F75B99ED.

References

<http://retrogod.altervista.org/9sg_dell_adv.html>

Limitations

This exploit was tested on Dell SX2210 Webcam Monitor RC1.1 R230103 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

The exploit file must be opened using Internet Explorer 8 or 9 on the target system.

Platforms

Windows