---------------------------------------------------------------------- Are you missing: SECUNIA ADVISORY ID: Critical: Impact: Where: within the advisory below? This is now part of the Secunia commercial solutions. Click here to learn more about our commercial solutions: http://secunia.com/advisories/business_solutions/ Click here to trial our solutions: http://secunia.com/advisories/try_vi/ ---------------------------------------------------------------------- TITLE: Dafolo DafoloControl ActiveX Control Multiple Vulnerabilities SECUNIA ADVISORY ID: SA35017 VERIFY ADVISORY: http://secunia.com/advisories/35017/ DESCRIPTION: 0x29A has discovered multiple vulnerabilities in Dafolo DafoloControl ActiveX control (DafoloFFControl.dll), which can be exploited by malicious people to compromise a user's system. 1) Two boundary errors when processing the "baseurl" property can be exploited to cause a heap-based and stack-based buffer overflow via an overly long string value. 2) A boundary error in a string parsing function can be exploited to cause a stack-based buffer overflow by assigning an overly long string value to the "kommune", "felter", "afdeling", or "Flags" properties. 3) Boundary errors when processing the "HelpURL" and "caburl" properties can be exploited to cause heap-based buffer overflows via overly long string values. 4) A boundary error when processing filenames can be exploited to cause a heap-based buffer overflow, which in turn may trigger a stack-based buffer overflow via an overly long string either passed as argument to the "Open()" method or set as the "filename" property value. Successful exploitation of the vulnerabilities allows execution of arbitrary code. The vulnerabilities are confirmed in version 1.108.6.195. Other versions may also be affected. SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: 0x29A ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------