Danske Bank Danske e-Sec ActiveX控件缓冲区溢出漏洞

BUGTRAQ ID: 34549 CVE ID：CVE-2008-1107 CNCVE ID：CNCVE-20081107 Danske Bank Danske e-Sec控制模块ActvieX控件存在安全漏洞，远程攻击者可以利用漏洞以应用程序安全上下文执行任意指令。 DanskeSikker.ocx中的日志函数存在边界错误，当ActiveX控件在部分行为下初始化时提交超长输入给部分方法，可导致基于栈的缓冲区溢出。 成功利用该漏洞可以以应用程序安全上下文执行任意指令。 Danske Bank DanskeSikker.ocx 3.1 48 目前没有解决方案提供：...

CVE-2008-1107

Multiple stack-based buffer overflows in the Danske Bank e-Sec Control Module ActiveX control DanskeSikker.ocx 3.1.0.48, and possibly earlier versions, allow remote attackers to execute arbitrary code via long arguments to unspecified methods, which are not properly handled by a logging function...

Danske Bank Danske e-Sec ActiveX buffer overflow

Buffer overflow in logging function...

CVE-2008-1107

CVE-2008-1107 affects Danske Bank Danske e-Sec Control Module ActiveX control DanskeSikker.ocx 3.1.0.48 (and possibly earlier). The vulnerability is a boundary error in the error-logging function of DanskeSikker.ocx that can be triggered by overly long inputs to certain methods during initialisat...