Vendor: ActiveX control
By: Dennis Rand
CVSS: 7.5 HIGH
Buffer Overflow
CWE: 120
Product Name: ActiveX control
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Internet Explorer
2006
Cryptomathic ActiveX Buffer Overflow
The Cryptomathic ActiveX control is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer. Invoking the object from a malicious website or HTML email may trigger the condition. Successful exploitation would corrupt process memory, resulting in arbitrary code execution in the context of the client application.
Mitigation:
Input validation should be performed to ensure that user-supplied data does not exceed the size of the destination buffer.