PT-2007-4085 · Lead Technologies · Leadtools Jpeg 2000
Published
2007-05-21
·
Updated
2017-07-29
·
CVE-2007-2771
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
LEAD Technologies LeadTools JPEG 2000 LEADJ2K.LEADJ2K.140 ActiveX control version 14.5.0.35
Description
The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long
BitmapDataPath property.Recommendations
For version 14.5.0.35, consider disabling the
LTJ2K14.ocx ActiveX control until a patch is available to prevent exploitation. Restrict access to the BitmapDataPath property to minimize the risk of arbitrary code execution.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Leadtools Jpeg 2000