Required CVE Record Information
Description
Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long bstrParams parameter to the Check method, a long bstrUrl parameter to the (3) Download or (4) DownloadModule method during construction of a .ntr pathname, or a long bstrUrl parameter to the (5) Download or (6) DownloadModule method during construction of a URL.
References 8 Total
- http://secunia.com/secunia_research/2012-1/
- archives.neohapsis.com: 20120111 Secunia Research: NTR ActiveX Control Four Buffer Overflow Vulnerabilities mailing-list
- exploit-db.com: 21841 exploit
- secunia.com: 45166 third-party-advisory
- exchange.xforce.ibmcloud.com: ntr-download-bo(72293) vdb-entry
- exchange.xforce.ibmcloud.com: ntr-check-bo(72292) vdb-entry
- osvdb.org: 78252 vdb-entry
- exchange.xforce.ibmcloud.com: ntr-startmodule-bo(72291) vdb-entry
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 8 Total
- http://secunia.com/secunia_research/2012-1/ x_transferred
- archives.neohapsis.com: 20120111 Secunia Research: NTR ActiveX Control Four Buffer Overflow Vulnerabilities mailing-listx_transferred
- exploit-db.com: 21841 exploitx_transferred
- secunia.com: 45166 third-party-advisoryx_transferred
- exchange.xforce.ibmcloud.com: ntr-download-bo(72293) vdb-entryx_transferred
- exchange.xforce.ibmcloud.com: ntr-check-bo(72292) vdb-entryx_transferred
- osvdb.org: 78252 vdb-entryx_transferred
- exchange.xforce.ibmcloud.com: ntr-startmodule-bo(72291) vdb-entryx_transferred