Creative Software AutoUpdate Engine CTSUEng.ocx ActiveX Control Buffer Overflow (CVE-2008-0955)

A remote code execution vulnerability has been reported inCreative Software AutoUpdate Engine. The vulnerability is due to boundary errors within the AutoUpdate Engine ActiveX control CTSUEng.ocx. A remote attacker can exploit this vulnerability by enticing a user to open a malicious web page...

Creative Software AutoUpdate Engine ActiveX Control Buffer Overflow

No description provided by source. $Id: creativesoftwarecachefolder.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing a...

CVE-2010-0990

Stack-based buffer overflow in Creative Software AutoUpdate Engine ActiveX Control 2.0.12.0, as used in Creative Software AutoUpdate 1.40.01, allows remote attackers to execute arbitrary code via vectors related to the BrowseFolder method...

Creative Software AutoUpdate Engine - ActiveX Control Buffer Overflow (Metasploit)

$Id: creativesoftwarecachefolder.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Creative Software AutoUpdate Engine ActiveX Control Buffer Overflow

This module exploits a stack buffer overflow in Creative Software AutoUpdate Engine. When sending an overly long string to the cachefolder property of CTSUEng.ocx an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...

Creative软件自动升级引擎ActiveX控件栈溢出漏洞

BUGTRAQ ID: 29391 CVECAN ID: CVE-2008-0955 Creative是生产用于个人电脑和网络方面的数字娱乐产品的厂商。 Creative在很多产品中都提供了软件自动升级引擎ActiveX控件（CTSUEng.ocx），这个控件没有正确地处理CacheFolder属性，如果用户受骗访问了恶意网页并向该属性传送了超长参数的话，就可能触发栈溢出，导致执行任意指令。 Creative Labs AutoUpdate Engine ActiveX 临时解决方法： 在IE中禁用Creative软件自动升级ActiveX控件，为以下CLSID设置kill bit：...

DSquare Exploit Pack: D2SEC_CREATIVE

Name| d2seccreative ---|--- CVE| CVE-2008-0955 Exploit Pack| D2ExploitPack Description| Creative Software AutoUpdate Engine ActiveX Stack Overflow Notes|...

Stack overflow

Stack-based buffer overflow in the Creative Software AutoUpdate Engine ActiveX control in CTSUEng.ocx allows remote attackers to execute arbitrary code via a long CacheFolder property value...

CVE-2008-0955

Stack-based buffer overflow in the Creative Software AutoUpdate Engine ActiveX control in CTSUEng.ocx allows remote attackers to execute arbitrary code via a long CacheFolder property value...

creative-overflow.txt

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ CacheFolder property is vulnerable to stack-based buffer overflow after 260 bytes, @ 512 bytes overwrites SEH and allows code execution reliably. Original Advisory @ http://www.kb.cert.org/vuls/id/501843 and Vulnerability...

Creative Software AutoUpdate Engine ActiveX (CTSUEng.ocx) Unspecified Overflow

The remote host contains the Creative Software AutoUpdate Engine ActiveX control, which is used to automatically update Creative Labs software. The version of this control installed on the remote host reportedly contains an unspecified stack-based buffer overflow. If an attacker can trick a user ...

Creative Software AutoUpdate Engine ActiveX Stack Overflow Exploit

Exploit for unknown platform in category remote exploits ================================================================== Creative Software AutoUpdate Engine ActiveX Stack Overflow Exploit ==================================================================...