PT-2007-4160 · Microsoft+1 · Internet Explorer+1
Publicado
2007-05-24
·
Atualizado
2018-10-16
·
CVE-2007-2856
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Dart Communications PowerTCP ZIP Compression ActiveX control version 1.8.5.3
Internet Explorer version 6
Description
The issue is related to a buffer overflow in the Dart Communications PowerTCP ZIP Compression ActiveX control. This occurs when a long first argument is passed to the
QuickZip function, allowing remote attackers to execute arbitrary code. The attack requires user assistance and is related to an issue in Internet Explorer 6.Recommendations
For Dart Communications PowerTCP ZIP Compression ActiveX control version 1.8.5.3, consider disabling the
QuickZip function until a patch is available.
For Internet Explorer version 6, restrict the use of the Dart Communications PowerTCP ZIP Compression ActiveX control to minimize the risk of exploitation.Exploit
Correção
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Dart Communications Powertcp Zip Compression Activex Control
Internet Explorer