IncrediMail IMMenuShellExt ActiveX Control Buffer Overflow      

Secunia Advisory: SA25051       
Release Date: 2007-04-27

Critical: Highly critical
Impact: System access
Where:  From remote
Solution Status: Unpatched

Software: IncrediMail 2.x
IncrediMail 3.x
IncrediMail 5.x


CVE reference:  CVE-2007-1683 (Secunia mirror)

Description:
Will Dormann has reported a vulnerability in IncrediMail, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a boundary error within the "DoWebMenuAction()" method of the IMMenuShellExt ActiveX control (ImShExt.dll). This can be exploited to cause a stack-based buffer overflow when a user, for example, visits a malicious website.

Successful exploitation allows execution of arbitrary code.

Solution:
Set the kill-bit for the affected ActiveX control.
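
One way to apply this workaround, as an added example that is not part of the Secunia advisory. The advisory gives no CLSID, so the script assumes the affected control is whichever COM class is registered with ImShExt.dll as its in-process server, and it sets the kill bit (Compatibility Flags 0x400 under Internet Explorer's ActiveX Compatibility key) in both the native and 32-bit registry views; the function and variable names are hypothetical.

```powershell
# Added example, not part of the advisory. Run from an elevated prompt.
# Assumption: the control is any COM class whose InprocServer32 is ImShExt.dll.
$DllName  = 'ImShExt.dll'
$KillBit  = 0x400   # "Compatibility Flags" bit that stops Internet Explorer loading the control
$IeCompat = 'Microsoft\Internet Explorer\ActiveX Compatibility'
$Views = @(
    @{ Clsid = 'HKLM:\SOFTWARE\Classes\CLSID';             Compat = "HKLM:\SOFTWARE\$IeCompat" },
    @{ Clsid = 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID'; Compat = "HKLM:\SOFTWARE\Wow6432Node\$IeCompat" }
)

# Return the CLSIDs under $ClsidRoot whose in-process server file name is $Dll.
function Find-ControlClsid {
    param([string]$ClsidRoot, [string]$Dll)
    if (-not (Test-Path -LiteralPath $ClsidRoot)) { return }
    foreach ($class in Get-ChildItem -LiteralPath $ClsidRoot -ErrorAction SilentlyContinue) {
        $server = Join-Path $class.PSPath 'InprocServer32'
        if (-not (Test-Path -LiteralPath $server)) { continue }
        $path = [string](Get-ItemProperty -LiteralPath $server).'(default)'
        if ($path.Trim('"').EndsWith("\$Dll", [StringComparison]::OrdinalIgnoreCase)) {
            $class.PSChildName
        }
    }
}

# OR the kill bit into any existing flags so other compatibility bits are preserved.
function Set-KillBit {
    param([string]$CompatRoot, [string]$Clsid)
    $key = Join-Path $CompatRoot $Clsid
    if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
    $cur = (Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
            -ErrorAction SilentlyContinue).'Compatibility Flags'
    $new = ([int]$cur) -bor $KillBit
    Set-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -Value $new -Type DWord
    '{0} -> Compatibility Flags = 0x{1:X8}' -f $key, $new
}

foreach ($view in $Views) {
    foreach ($clsid in Find-ControlClsid $view.Clsid $DllName) {
        Set-KillBit $view.Compat $clsid
    }
}
```

If the script prints nothing, no class registered in HKLM points at ImShExt.dll; per-user registrations under HKCU are not searched.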

Provided and/or discovered by:
Will Dormann, CERT/CC.

Original Advisory:
US-CERT VU#906777:
http://www.kb.cert.org/vuls/id/906777
