eCentrex Web Phone Buffer Overflow in 'uacomx.ocx' ActiveX Control Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1018596
|
|
SecurityTracker URL: http://securitytracker.com/id?1018596
|
|
CVE Reference: CVE-2007-4489
(Links to External Site)
|
Updated: Apr 24 2008
|
Original Entry Date: Aug 22 2007
|
Impact: Execution of arbitrary code via network, User access via network
|
Exploit Included: Yes
|
Description: A vulnerability was reported in eCentrex Web Phone. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create specially crafted HTML that, when loaded by the target user, will invoke the 'uacomx.ocx' ActiveX control
and trigger a buffer overflow to execute arbitrary code on the target user's system. The code will run with the privileges of the
target user.
Version 2.0.1 of the control is affected.
The CLSID of the vulnerable control is: BD80D375-5439-4D80-B128-DDA5FDC3AE6C
rgod
reported this vulnerability.
The original advisory is available at:
http://www.milw0rm.com/exploits/4299
|
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.e800phone.com/webphone.htm (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 22 Aug 2007 00:32:19 -0400
Subject: eCentrex Web Phone
|
http://www.milw0rm.com/exploits/4299
|
|
