exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Secunia Security Advisory 32725

Secunia Security Advisory 32725
Posted Nov 17, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - r0ut3r has discovered a vulnerability in the VeryDOC PDF Viewer ActiveX control, which potentially can be exploited by malicious people to compromise a user's system.

tags | advisory, activex
SHA-256 | 5f11ad3d6729d21cd2c4d50e53398e7931a6c3abd62e23b74f7e8004ee4c1fca

Secunia Security Advisory 32725

Change Mirror Download
----------------------------------------------------------------------

Do you need accurate and reliable IDS / IPS / AV detection rules?

Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/

----------------------------------------------------------------------

TITLE:
VeryDOC PDF Viewer ActiveX Control "OpenPDF()" Buffer Overflow

SECUNIA ADVISORY ID:
SA32725

VERIFY ADVISORY:
http://secunia.com/advisories/32725/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
VeryDOC PDF Viewer ActiveX Control 2.x
http://secunia.com/advisories/product/20503/

DESCRIPTION:
r0ut3r has discovered a vulnerability in the VeryDOC PDF Viewer
ActiveX control, which potentially can be exploited by malicious
people to compromise a user's system.

The vulnerability is caused due to a boundary error in the
"OpenPDF()" method from the PDFVIEW.PdfviewCtrl.1 ActiveX control
(pdfview.ocx). This can be exploited to cause a heap-based buffer
overflow via an overly large string passed to the affected function.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in pdfview.ocx version 2.0.0.1. Other
versions may also be affected.

SOLUTION:
Set the kill-bit for the affected ActiveX control.

PROVIDED AND/OR DISCOVERED BY:
r0ut3r

ORIGINAL ADVISORY:
http://www.bmgsec.com.au/advisories/openpdf.txt

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Login or Register to add favorites

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close