PT-2007-4277 · Leadtools+1 · Ltris14E.Dll+2

Shinnai

Published

2007-06-01

Updated

2017-07-29

CVE-2007-2980

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: LEADTOOLS LEAD Raster ISIS Object version 14.5.0.44

Description: A heap-based buffer overflow issue exists in a certain ActiveX control, allowing remote attackers to cause a denial of service, such as an Internet Explorer crash, or potentially execute arbitrary code. This is achieved by exploiting a long DriverName property.

Recommendations: For version 14.5.0.44, consider disabling the affected ActiveX control until a patch is available to prevent potential exploitation. Restrict access to the LTRIS14e.DLL library to minimize the risk of a denial of service or arbitrary code execution. Avoid using the DriverName property in the affected ActiveX control until the issue is resolved.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2007-2980

Affected Products

Internet Explorer

Leadtools Lead Raster Isis Object

Ltris14E.Dll

PT-2007-4277 · Leadtools+1 · Ltris14E.Dll+2

CVE-2007-2980

Weakness Enumeration

Related Identifiers

Affected Products

References · 9