
LEADTOOLS ActiveX Common Dialogs 16.5 Multiple Remote Vulnerabilities

High
Advisory ID: ZSL-2010-4961
Release Date: 01 September 2010
Vendor: LEAD Technologies, Inc. - http://www.leadtools.com
Affected Version: 16.5.0.2
CVE: N/A
Tested On: Microsoft Windows XP Professional SP3 (EN), Windows Internet Explorer 8.0.6001.18702, RFgen Mobile Development Studio 4.0.0.06 (Enterprise)
Summary

With LEADTOOLS you can control any scanner, digital camera or capture card that has a TWAIN (32 and 64 bit) device driver. High-level acquisition support is included for ease of use while low-level functionality is provided for flexibility and control in even the most demanding scanning applications.

Description

LEADTOOLS ActiveX Common Dialogs suffers from multiple remote vulnerabilities (integer overflow (IoF), buffer overflow (BoF) and denial of service (DoS)) because it fails to sanitize input passed to several of the objects included in the Common Dialogs class.

Vulnerable Objects/OCX Dialogs (Win32):

1. ActiveX Common Dialogs (Web) -> LtocxWebDlgu.dll
2. ActiveX Common Dialogs (Effects) -> LtocxEfxDlgu.dll
3. ActiveX Common Dialogs (Image) -> LtocxImgDlgu.dll
4. ActiveX Common Dialogs (Image Effects) -> LtocxImgEfxDlgu.dll
5. ActiveX Common Dialogs (Image Document) -> LtocxImgDocDlgu.dll
6. ActiveX Common Dialogs (Color) -> LtocxClrDlgu.dll
7. ActiveX Common Dialogs (File) -> LtocxFileDlgu.dll
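The following PowerShell script is an added defensive check, not part of the advisory and not LEAD Technologies code. It walks HKEY_CLASSES_ROOT\CLSID on a Windows workstation, finds every CLSID whose InprocServer32 points at one of the seven DLLs named above, and reports whether Internet Explorer's kill bit (the 0x400 bit of the "Compatibility Flags" value under the ActiveX Compatibility key) is set for that CLSID. The DLL names are taken from the advisory; the CLSIDs are discovered at run time because the advisory does not list them. The script only reads the registry; it does not set the kill bit.

```powershell
# Added example (not from the advisory): inventory the LEADTOOLS Common Dialogs
# in-process servers listed above and report the IE kill-bit state for each CLSID.
# Run from an elevated PowerShell prompt on the workstation being audited.

# The seven DLL names come from the advisory; the CLSIDs are discovered below.
$dialogDlls = @(
    'LtocxWebDlgu.dll', 'LtocxEfxDlgu.dll', 'LtocxImgDlgu.dll',
    'LtocxImgEfxDlgu.dll', 'LtocxImgDocDlgu.dll', 'LtocxClrDlgu.dll',
    'LtocxFileDlgu.dll'
)

# Bit in "Compatibility Flags" that blocks instantiation in Internet Explorer.
$killBitFlag = 0x400
$compatRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($root in $compatRoots) {
        $key = Join-Path -Path $root -ChildPath $Clsid
        if (-not (Test-Path -Path $key)) { continue }
        $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                      -ErrorAction SilentlyContinue).'Compatibility Flags'
        if ($flags -and (($flags -band $killBitFlag) -ne 0)) { return 'set' }
    }
    return 'NOT set'
}

# Match each CLSID's InprocServer32 default value against the advisory's DLL names.
$results = foreach ($clsidKey in Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT\CLSID' `
                                               -ErrorAction SilentlyContinue) {
    $clsid     = $clsidKey.PSChildName
    $serverKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
    if (-not (Test-Path -Path $serverKey)) { continue }
    $server = (Get-ItemProperty -Path $serverKey -ErrorAction SilentlyContinue).'(default)'
    if (-not $server) { continue }
    # -contains compares strings case-insensitively, which suits file names on Windows.
    if ($dialogDlls -contains (Split-Path -Path $server -Leaf)) {
        [pscustomobject]@{
            CLSID   = $clsid
            Server  = $server
            KillBit = Get-KillBitState -Clsid $clsid
        }
    }
}

if ($results) {
    $results | Format-Table -AutoSize
} else {
    'No LEADTOOLS Common Dialogs in-process servers are registered on this host.'
}
```

Any row reporting "NOT set" is a control that Internet Explorer will still instantiate from a web page; the usual mitigation until a fixed build is deployed is to set the kill bit for that CLSID (Microsoft KB240797 describes the value) and to push it through Group Policy on managed estates.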
Proof of Concept
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
01.09.2010 - Initial release
02.09.2010 - Added reference [2]
05.09.2010 - Added reference [3]
10.09.2010 - Added reference [4]
15.10.2010 - Added reference [5]
26.10.2010 - Added reference [6]