
PhotoStockPlus Uploader Tool ActiveX Control Remote Buffer Overflow Vulnerabilities

 

Release Date: 20/05/2008
Severity: Highly Critical
SecWatch Advisory: SWID1021241
Cause: Boundary error
Solution Status: Unpatched
Impact: Execution of arbitrary code
Exploit Status: None Available
Access Vector: From remote
 
Affected Software: PhotoStockPlus Uploader Tool ActiveX Control 1.x
 
References: FrSIRT/ADV-2008-1571
CVE: CVE-2008-0957
US Cert: VU#406937
Secunia: SA30305
Bugtraq ID: BID#29279

 

Description:

A vulnerability has been reported in the PhotoStockPlus Uploader Tool ActiveX control, which can be exploited by remote users to compromise a vulnerable system.

Boundary errors exist when handling certain initialization parameters within the PhotoStockPlus Uploader Tool ActiveX control (PSPUploader.ocx), which can be exploited to cause stack-based buffer overflows and execute arbitrary code.

 

Solution:

There was no vendor-supplied solution at the time of entry.

Set the kill-bit for the affected ActiveX control CLSID {E48BB416-C578-4A62-84C9-5E3389ABE5FC}.
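
One way to apply and verify this workaround from an elevated PowerShell prompt. This is an added example, not part of the original advisory or any vendor guidance; it assumes the standard Internet Explorer kill-bit mechanism (a "Compatibility Flags" DWORD of 0x400 under the "ActiveX Compatibility" key), which the advisory itself does not spell out.

```powershell
# Added example (not from the advisory): set and verify the IE kill bit.
# Run from an elevated PowerShell prompt.
$Clsid     = '{E48BB416-C578-4A62-84C9-5E3389ABE5FC}'  # CLSID given in the advisory
$KillBit   = 0x400                                     # assumption: standard IE kill-bit flag
$ValueName = 'Compatibility Flags'
$SubKey    = 'Microsoft\Internet Explorer\ActiveX Compatibility'

# Native registry view, plus the 32-bit view on 64-bit Windows
# (32-bit Internet Explorer reads the WOW6432Node copy).
$Roots = @('HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') |
    Where-Object { Test-Path -LiteralPath $_ }

function Get-CompatFlags {
    param([string]$Key)
    # Returns the current flags value, or 0 when the value does not exist yet.
    $prop = Get-ItemProperty -LiteralPath $Key -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 0 }
    return $prop.$ValueName
}

foreach ($root in $Roots) {
    $key = Join-Path (Join-Path $root $SubKey) $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    # OR the kill bit into any flags already present rather than overwriting them.
    $new = (Get-CompatFlags $key) -bor $KillBit
    New-ItemProperty -Path $key -Name $ValueName -PropertyType DWord -Value $new -Force | Out-Null

    # Read the value back and report whether the kill bit is now in effect.
    $set = ((Get-CompatFlags $key) -band $KillBit) -eq $KillBit
    [pscustomobject]@{ Key = $key; KillBitSet = $set }
}
```

Each registry view should report KillBitSet as True; a view that is missing from the output does not exist on that system.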

 

Credits:

Will Dormann, CERT/CC

 
