vendor:
ActiveX UserManager
by:
Blake
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: ActiveX UserManager
Affected Version From: 02.03
Affected Version To: 02.03
Patch Exists: NO
Related CWE: N/A
CPE: a:brothersoft:activex_usermanager
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3 / IE7 in VirtualBox
2011
ActiveX UserManager 2.03 Buffer Overflow
This exploit uses a buffer overflow vulnerability in ActiveX UserManager 2.03 to overwrite SEH with 00410041. The exploit is triggered by passing a string of 1044 'A's as an argument to the SelectServer method.
Mitigation:
Ensure that ActiveX UserManager 2.03 is not installed on the system.