Computer Security
[EN] securityvulns.ru no-pyccku


NTR ActiveX security vulnerabilities
Published:21.01.2012
Source:
SecurityVulns ID:12153
Type:client
Threat Level:
5/10
Description:Buffer overflow, unsafe method.
Affected:NTR : NTR ActiveX control 2.0
CVE:CVE-2012-0267 (The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer.)
 CVE-2012-0266 (Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long bstrParams parameter to the Check method, a long bstrUrl parameter to the (3) Download or (4) DownloadModule method during construction of a .ntr pathname, or a long bstrUrl parameter to the (5) Download or (6) DownloadModule method during construction of a URL.)
Original documentdocumentSECUNIA, Secunia Research: NTR ActiveX Control "StopModule()" Input Validation Vulnerability (21.01.2012)
 documentSECUNIA, Secunia Research: NTR ActiveX Control Four Buffer Overflow Vulnerabilities (21.01.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod