[NT] BearShare NCTAudioFile2 ActiveX Control Buffer Overflow
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 10 May 2007 15:48:36 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
BearShare NCTAudioFile2 ActiveX Control Buffer Overflow
------------------------------------------------------------------------
SUMMARY
BearShare <http://www.bearshare.com/> allows you to "Share, Discover and
Download music and videos". Secunia Research has discovered a
vulnerability in BearShare, which can be exploited by malicious people to
compromise a user's system.
DETAILS
Vulnerable Systems:
* BearShare version 6.0.2.26789
The vulnerability is caused by a boundary error in the
NCTAudioFile2.AudioFile ActiveX control when handling the
"SetFormatLikeSample()" method. This can be exploited to cause a
stack-based buffer overflow by passing an overly long string (about 4124
bytes) as the argument to the affected method.
Successful exploitation allows execution of arbitrary code, for example
when a user visits a malicious website.
Solution:
Set the kill-bit for the affected ActiveX control.
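The following PowerShell sketch is an added example, not part of the original advisory, showing one way to apply the kill-bit on an affected host. The advisory does not give the control's CLSID, so the script resolves it from the local registry; it assumes the ProgID is "NCTAudioFile2.AudioFile" (optionally with a version suffix) and that it runs from an elevated prompt.

```powershell
# Added example: set the Internet Explorer kill-bit for the affected control.
# Assumption: the ProgID matches the control name given in the advisory.
$ProgIdPattern = 'NCTAudioFile2.AudioFile*'
$KillBit       = 0x400   # "Compatibility Flags" bit that blocks instantiation in IE

# Cover the native registry view and the 32-bit view on 64-bit Windows.
$Views = @(
    @{ Classes = 'HKLM:\SOFTWARE\Classes'
       Compat  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Classes = 'HKLM:\SOFTWARE\WOW6432Node\Classes'
       Compat  = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

$found = $false
foreach ($view in $Views) {
    if (-not (Test-Path $view.Classes)) { continue }

    # Resolve each matching ProgID key to the CLSID stored in its CLSID subkey.
    $clsids = Get-Item -Path (Join-Path $view.Classes $ProgIdPattern) -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sub = $_.OpenSubKey('CLSID')
            if ($sub) { $sub.GetValue('') }   # '' reads the key's default value
        } | Sort-Object -Unique

    foreach ($clsid in $clsids) {
        $found = $true
        $key = Join-Path $view.Compat $clsid
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

        # Preserve any flags already present and OR in the kill-bit.
        $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
        $new = ([int]$current) -bor $KillBit
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -Type DWord

        # Read the value back to confirm the bit is set.
        $check = (Get-ItemProperty -Path $key).'Compatibility Flags'
        '{0}  flags=0x{1:X8}  killbit={2}' -f $key, $check, [bool]($check -band $KillBit)
    }
}
if (-not $found) { Write-Warning "No ProgID matching '$ProgIdPattern' is registered on this host." }
```

The kill-bit only prevents Internet Explorer from instantiating the control; other applications that load it directly are not affected by this setting.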
Time Table:
30/04/2007 - Vendor notified.
09/05/2007 - Public disclosure.
CVE Information:
CVE-2007-0018 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0018>
ADDITIONAL INFORMATION
The information has been provided by Secunia Research
<mailto:vuln@xxxxxxxxxxx>.
The original article can be found at:
http://secunia.com/secunia_research/2007-50/