PT-2008-4833 · Microsoft+2 · Internet Explorer+3

Published

2008-07-31

Updated

2017-08-08

CVE-2008-3430

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Eyeball MessengerSDK version 5.0.907.1 SiOL Komunikator version 1.3

Description The issue is related to a buffer overflow in the CoVideoWindow.ocx ActiveX control, which can be exploited by remote attackers to execute arbitrary code. This is achieved by supplying a large argument to the BGColor method. It is noted that this might only be a vulnerability in certain insecure configurations of Internet Explorer.

Recommendations For Eyeball MessengerSDK version 5.0.907.1, consider disabling the BGColor method in the CoVideoWindow.ocx ActiveX control until a patch is available. For SiOL Komunikator version 1.3, restrict access to the CoVideoWindow.ocx ActiveX control to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2008-3430

Affected Products

Covideowindow.Ocx

Eyeball Messengersdk

Internet Explorer

Siol Komunikator

PT-2008-4833 · Microsoft+2 · Internet Explorer+3

CVE-2008-3430

Weakness Enumeration

Related Identifiers

Affected Products

References · 5