Creative Software AutoUpdate Engine CTSUEng.ocx ActiveX Control Buffer Overflow (CVE-2008-0955)

A remote code execution vulnerability has been reported inCreative Software AutoUpdate Engine. The vulnerability is due to boundary errors within the AutoUpdate Engine ActiveX control CTSUEng.ocx. A remote attacker can exploit this vulnerability by enticing a user to open a malicious web page...

Creative Software AutoUpdate Engine ActiveX Control Buffer Overflow

No description provided by source. $Id: creativesoftwarecachefolder.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing a...

Creative Software UK Community Portal 1.1 PollResults.php Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/17890/info Creative Community Portal is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A...

Creative Software UK Community Portal 1.1 ArticleView.php article_id Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/17890/info Creative Community Portal is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A...

CVE-2010-0990

Stack-based buffer overflow in Creative Software AutoUpdate Engine ActiveX Control 2.0.12.0, as used in Creative Software AutoUpdate 1.40.01, allows remote attackers to execute arbitrary code via vectors related to the BrowseFolder method...

Stack overflow

Stack-based buffer overflow in Creative Software AutoUpdate Engine ActiveX Control 2.0.12.0, as used in Creative Software AutoUpdate 1.40.01, allows remote attackers to execute arbitrary code via vectors related to the BrowseFolder method...

CVE-2010-0990

CVE-2010-0990 describes a stack-based buffer overflow in Creative Software AutoUpdate Engine ActiveX Control 2.0.12.0 (bundled with AutoUpdate 1.40.01). The vulnerability exists in the BrowseFolder method and can be triggered remotely to execute arbitrary code. Public references identify the affe...

Secunia Research: Creative Software AutoUpdate Engine 2 ActiveX Control Buffer Overflow

====================================================================== Secunia Research 11/06/2010 - Creative Software - - AutoUpdate Engine 2 ActiveX Control Buffer Overflow - ====================================================================== Table of Contents Affected...

Creative Software AutoUpdate Engine - ActiveX Control Buffer Overflow (Metasploit)

$Id: creativesoftwarecachefolder.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Creative Software AutoUpdate Engine ActiveX Control Buffer Overflow

This module exploits a stack buffer overflow in Creative Software AutoUpdate Engine. When sending an overly long string to the cachefolder property of CTSUEng.ocx an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...

DSquare Exploit Pack: D2SEC_CREATIVE

Name| d2seccreative ---|--- CVE| CVE-2008-0955 Exploit Pack| D2ExploitPack Description| Creative Software AutoUpdate Engine ActiveX Stack Overflow Notes|...

Stack overflow

Stack-based buffer overflow in the Creative Software AutoUpdate Engine ActiveX control in CTSUEng.ocx allows remote attackers to execute arbitrary code via a long CacheFolder property value...

CVE-2008-0955

Stack-based buffer overflow in the Creative Software AutoUpdate Engine ActiveX control in CTSUEng.ocx allows remote attackers to execute arbitrary code via a long CacheFolder property value...

CVE-2008-0955

Stack-based buffer overflow in the Creative Software AutoUpdate Engine ActiveX control in CTSUEng.ocx allows remote attackers to execute arbitrary code via a long CacheFolder property value...

creative-overflow.txt

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ CacheFolder property is vulnerable to stack-based buffer overflow after 260 bytes, @ 512 bytes overwrites SEH and allows code execution reliably. Original Advisory @ http://www.kb.cert.org/vuls/id/501843 and Vulnerability...

Creative Software AutoUpdate Engine ActiveX (CTSUEng.ocx) Unspecified Overflow

The remote host contains the Creative Software AutoUpdate Engine ActiveX control, which is used to automatically update Creative Labs software. The version of this control installed on the remote host reportedly contains an unspecified stack-based buffer overflow. If an attacker can trick a user ...

Creative Software AutoUpdate Engine ActiveX Stack Overflow Exploit

Exploit for unknown platform in category remote exploits ================================================================== Creative Software AutoUpdate Engine ActiveX Stack Overflow Exploit ==================================================================...

Creative Software AutoUpdate Engine - ActiveX Stack Overflow

Creative Software AutoUpdate Engine - ActiveX Stack Overflow +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ CacheFolder property is vulnerable to stack-based buffer overflow after 260 bytes, @ 512 bytes overwrites SEH and allows code execution reliably. Original Advisory @...

Creative Software UK Community Portal 1.1 - 'PollResults.php' Multiple SQL Injections

source: https://www.securityfocus.com/bid/17890/info Creative Community Portal is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an...

Creative Software UK Community Portal 1.1 - 'ArticleView.php?article_id' SQL Injection

source: https://www.securityfocus.com/bid/17890/info Creative Community Portal is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an...