Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:3413
HistoryJun 14, 2008 - 12:00 a.m.

BackWeb LiteInstActivator.dll ActiveX控件栈溢出漏洞

2008-06-1400:00:00
Root
www.seebug.org
15

0.325 Low

EPSS

Percentile

97.1%

JSON

BUGTRAQ ID: 29558
CVE(CAN) ID: CVE-2008-0956

BackWeb Lite Install Runner(LiteInstActivator.dll)是用于在Windows系统上安装软件的ActiveX控件。

LiteInstActivator.dll控件捆绑于Logitech鼠标软件中的Logitech Desktop Messenger,该控件没有正确地验证某处参数的输入,如果用户受骗访问了恶意网页并传送了超长参数的话,就可能触发栈溢出,导致执行任意指令。

BackWeb BackWeb 8.1.1.86
Logitech Desktop Manager 2.55
临时解决方法:

  • 在IE中禁用BackWeb Lite Install Runner ActiveX控件,为以下CLSID设置kill bit:
    {40F23EB7-B397-4285-8F3C-AACE4FA40309}

或者将以下文本保存为.REG文件并导入:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility{40F23EB7-B397-4285-8F3C-AACE4FA40309}]
"Compatibility Flags"=dword:00000400

厂商补丁:

BackWeb

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://backweb.com/index.php” target=“_blank”>http://backweb.com/index.php</a>

Related

kaspersky 1
cert 1
prion 1
nvd 1
cve 1
cvelist 1
nessus 1
kaspersky
kaspersky
KLA10245 ACE vulnerability in Logitech Desktop Manager
2008-06-11 00:00:00
cert
cert
BackWeb Lite Install Runner ActiveX stack buffer overflows
2008-06-10 00:00:00
prion
prion
Stack overflow
2008-06-12 02:32:00
nvd
nvd
CVE-2008-0956
2008-06-12 02:32:00
cve
cve
CVE-2008-0956
2008-06-12 02:32:00
cvelist
cvelist
CVE-2008-0956
2008-06-12 01:30:00
nessus
nessus
MS08-032: Cumulative Security Update of ActiveX Kill Bits (950760)
2008-06-10 00:00:00

0.325 Low

EPSS

Percentile

97.1%

JSON
Related for SSV:3413
kaspersky1cert1prion1nvd1cve1cvelist1nessus1