PT-2007-4085 · Lead Technologies · Leadtools Jpeg 2000
Publicado
2007-05-21
·
Atualizado
2017-07-29
·
CVE-2007-2771
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
LEAD Technologies LeadTools JPEG 2000 LEADJ2K.LEADJ2K.140 ActiveX control version 14.5.0.35
Description
The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long
BitmapDataPath property.Recommendations
For version 14.5.0.35, consider disabling the
LTJ2K14.ocx ActiveX control until a patch is available to prevent exploitation. Restrict access to the BitmapDataPath property to minimize the risk of arbitrary code execution.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Leadtools Jpeg 2000