PT-2006-4771 · Interactual · Interactual Player

Published

2006-07-28

Updated

2017-07-20

CVE-2006-3925

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions InterActual Player versions prior to 2.6

Description The issue is related to a stack-based buffer overflow in the ITIRecorder.MicRecorder ActiveX control, which is part of the iarecord.dll in InterActual Player. This can be exploited by remote attackers to execute arbitrary code by providing a long argument to the Files method.

Recommendations For versions prior to 2.6, update to version 2.6 or later to resolve the issue. As a temporary workaround, consider disabling the Files method in the ITIRecorder.MicRecorder ActiveX control until a patch is available. Restrict access to the iarecord.dll module to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-3925

Affected Products

Interactual Player

PT-2006-4771 · Interactual · Interactual Player

CVE-2006-3925

Related Identifiers

Affected Products

References · 5