Secunia Security Advisory - 0x29A has discovered multiple vulnerabilities in Dafolo DafoloControl ActiveX control (DafoloFFControl.dll), which can be exploited by malicious people to compromise a user's system.
7947c6feda79a958bbc1555693f78da3fe39c124cb77aa1928a3b650701c0201
----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
Click here to learn more about our commercial solutions:
http://secunia.com/advisories/business_solutions/
Click here to trial our solutions:
http://secunia.com/advisories/try_vi/
----------------------------------------------------------------------
TITLE:
Dafolo DafoloControl ActiveX Control Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35017
VERIFY ADVISORY:
http://secunia.com/advisories/35017/
DESCRIPTION:
0x29A has discovered multiple vulnerabilities in Dafolo DafoloControl
ActiveX control (DafoloFFControl.dll), which can be exploited by
malicious people to compromise a user's system.
1) Two boundary errors when processing the "baseurl" property can be
exploited to cause a heap-based and stack-based buffer overflow via
an overly long string value.
2) A boundary error in a string parsing function can be exploited to
cause a stack-based buffer overflow by assigning an overly long
string value to the "kommune", "felter", "afdeling", or "Flags"
properties.
3) Boundary errors when processing the "HelpURL" and "caburl"
properties can be exploited to cause heap-based buffer overflows via
overly long string values.
4) A boundary error when processing filenames can be exploited to
cause a heap-based buffer overflow, which in turn may trigger a
stack-based buffer overflow via an overly long string either passed
as argument to the "Open()" method or set as the "filename" property
value.
Successful exploitation of the vulnerabilities allows execution of
arbitrary code.
The vulnerabilities are confirmed in version 1.108.6.195. Other
versions may also be affected.
SOLUTION:
Set the kill-bit for the affected ActiveX control.
PROVIDED AND/OR DISCOVERED BY:
0x29A
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------