Vendor: Consumer Webhelper ActiveX Control
By: Parveen Vashishtha
CVSS: 7.5 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: Consumer Webhelper ActiveX Control
Affected Version From: N/A
Affected Version To: 2.0.0.7
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP2
2007
British Telecommunications Consumer Webhelper Multiple Buffer Overflow POC
The British Telecommunications Consumer Webhelper ActiveX control is prone to multiple buffer-overflow vulnerabilities because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
Mitigation:
Upgrade to version 2.0.0.8 or later of the British Telecommunications Consumer Webhelper ActiveX control.