Thursday, January 31, 2008 2:50 PM cmosby

MySpace Uploader Control ActiveX Control "Action" Property Buffer Overflow - Advisories - Secunia

 


Secunia Advisory:
SA28715

Release Date:
2008-01-31

Critical:
Highly critical

Impact:
System access

Where:
From remote

Solution Status:
Unpatched

Software:
MySpace Uploader Control 1.x

Description:
Elazar Broad has discovered a vulnerability in MySpace Uploader Control, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a boundary error in the MySpace.Uploader.4.1 ActiveX control (MySpaceUploader.ocx) when handling strings assigned to the "Action" property. Assigning an overly long string (greater than 260 characters) to the affected property causes a stack-based buffer overflow.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in MySpaceUploader.ocx version 1.0.0.5 and reported in version 1.0.0.4. Other versions may also be affected.

Solution:
Set the kill-bit for the affected ActiveX control.
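
One way to apply this workaround, as an added example that is not part of the Secunia advisory: the advisory does not list the control's CLSID, so the script resolves it from the ProgID on a host where the control is installed, then sets the kill-bit value (0x400) in "Compatibility Flags" for both the native and the 32-bit registry views. It assumes an elevated PowerShell prompt.

```powershell
# Added example: set the Internet Explorer kill bit for the control named in the advisory.
$ProgId  = 'MySpace.Uploader.4.1'   # ProgID as given in the advisory
$KillBit = 0x400                    # "Compatibility Flags" bit that blocks instantiation in IE

# Resolve ProgID -> CLSID from the machine-wide class registrations,
# checking the 32-bit view as well on 64-bit Windows.
$classRoots = @(
    'HKLM:\SOFTWARE\Classes',
    'HKLM:\SOFTWARE\WOW6432Node\Classes'
)
$clsid = $null
foreach ($root in $classRoots) {
    $key = Join-Path $root "$ProgId\CLSID"
    if (Test-Path $key) {
        $clsid = (Get-Item $key).GetValue('')   # default value holds the {CLSID}
        break
    }
}
if (-not $clsid) {
    throw "ProgID '$ProgId' is not registered here; resolve the CLSID on an affected host."
}

# Set the kill bit in every ActiveX Compatibility hive that exists on this system.
$compatRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)
foreach ($root in $compatRoots) {
    if (-not (Test-Path $root)) { continue }
    $key = Join-Path $root $clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    # Preserve any flags already present and OR in the kill bit.
    $existing = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                 -ErrorAction SilentlyContinue).'Compatibility Flags'
    $flags = [int]$existing -bor $KillBit
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $flags -Type DWord

    # Read the value back so the change is verified, not assumed.
    $check = (Get-ItemProperty -Path $key -Name 'Compatibility Flags').'Compatibility Flags'
    '{0} -> Compatibility Flags = 0x{1:X} (kill bit set: {2})' -f `
        $key, $check, (($check -band $KillBit) -eq $KillBit)
}
```

Restart Internet Explorer after running it; the kill bit stops IE from instantiating the control but does not remove MySpaceUploader.ocx from disk.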

Provided and/or discovered by:
Elazar Broad

Original Advisory:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059980.html


Source: MySpace Uploader Control ActiveX Control "Action" Property Buffer Overflow - Advisories - Secunia
