PT-2007-3942 · Microsoft · Internet Explorer

Shinnai

Published

2007-05-11

Updated

2017-10-11

CVE-2007-2623

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Remote Display Dev kit version 1.2.1.0

Description The issue is related to multiple buffer overflows in RControl.dll, which can be exploited by remote attackers to cause a denial of service, specifically crashing Internet Explorer 7. This can be achieved by providing a long first argument to the connect function or a long InternalServer property value.

Recommendations For Remote Display Dev kit version 1.2.1.0, consider disabling the connect function or restricting the length of the InternalServer property value to prevent the buffer overflow and subsequent denial of service.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2623

Affected Products

Internet Explorer

PT-2007-3942 · Microsoft · Internet Explorer

CVE-2007-2623

Related Identifiers

Affected Products

References · 7