PT-2008-6098 · Microsoft · Djvu Activex Control

Shahriyar Jalayeri

Publicado

2008-11-04

Atualizado

2017-09-29

CVE-2008-4922

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions DjVu ActiveX Control version 3.0 for Microsoft Office

Description The issue allows remote attackers to execute arbitrary code via a long ImageURL property, and possibly the Mode, Page, or Zoom properties. This is due to a buffer overflow in the DjVu ActiveX Control.

Recommendations For DjVu ActiveX Control version 3.0, consider disabling the control until a patch is available to prevent exploitation. Restrict access to the ImageURL, Mode, Page, and Zoom properties to minimize the risk of arbitrary code execution.

Exploit

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2008-4922

Produtos afetados

Djvu Activex Control

PT-2008-6098 · Microsoft · Djvu Activex Control

CVE-2008-4922

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8