PT-2009-4805 · Avax · Avax Vector Activex

Published

2009-07-08

Updated

2018-10-10

CVE-2009-2377

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Avax Vector ActiveX version 1.3

Description The issue is related to a buffer overflow in the Avax Vector ActiveX control, specifically in the avPreview.ocx component. This can be exploited by remote attackers to cause a denial of service, resulting in an application crash. The exploitation occurs via a long PrinterName property.

Recommendations For Avax Vector ActiveX version 1.3, consider restricting the length of the PrinterName property to prevent buffer overflow exploitation until a patch is available. As a temporary workaround, avoid using excessively long printer names in the affected ActiveX control.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2009-2377

Affected Products

Avax Vector Activex

PT-2009-4805 · Avax · Avax Vector Activex

CVE-2009-2377

Weakness Enumeration

Related Identifiers

Affected Products

References · 4