vendor:
Image Well ActiveX
by:
Umesh Wanve
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Image Well ActiveX
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows 2000 SP4 Server English, Windows 2000 SP4 Professional English
2007
IPIX Image Well ActiveX Buffer Overflow Exploit
This exploit targets the iPIX Image Well ActiveX control, specifically the CreateMediaGroup method. The vulnerability allows an attacker to execute arbitrary code by providing specially crafted parameters to the method. The exploit code includes a shellcode that executes the calc.exe program.
Mitigation:
The vendor should release a patch or update to fix the buffer overflow vulnerability. In the meantime, users should avoid visiting untrusted websites or downloading untrusted ActiveX controls.