PT-2007-4152 · Sky · Sky Software Shell Megapack Activex

Published

2007-05-24

Updated

2017-07-29

CVE-2007-2848

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Sky Software Shell MegaPack ActiveX version 8.0

Description The issue is related to a stack-based buffer overflow in the SetPath function of the shComboBox ActiveX control. This can be exploited by remote attackers to execute arbitrary code by providing a long argument to the function.

Recommendations For Sky Software Shell MegaPack ActiveX version 8.0, consider disabling the SetPath function in the shComboBox ActiveX control as a temporary workaround until a patch is available. Restrict access to the shcmb80.ocx module to minimize the risk of exploitation. Avoid using long arguments in the SetPath function until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2848

Affected Products

Sky Software Shell Megapack Activex

PT-2007-4152 · Sky · Sky Software Shell Megapack Activex

CVE-2007-2848

Related Identifiers

Affected Products

References · 5