PT-2008-6098 · Microsoft · Djvu Activex Control

Shahriyar Jalayeri

Published

2008-11-04

Updated

2017-09-29

CVE-2008-4922

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions DjVu ActiveX Control version 3.0 for Microsoft Office

Description The issue allows remote attackers to execute arbitrary code via a long ImageURL property, and possibly the Mode, Page, or Zoom properties. This is due to a buffer overflow in the DjVu ActiveX Control.

Recommendations For DjVu ActiveX Control version 3.0, consider disabling the control until a patch is available to prevent exploitation. Restrict access to the ImageURL, Mode, Page, and Zoom properties to minimize the risk of arbitrary code execution.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2008-4922

Affected Products

Djvu Activex Control

PT-2008-6098 · Microsoft · Djvu Activex Control

CVE-2008-4922

Weakness Enumeration

Related Identifiers

Affected Products

References · 8