
Mindjet MindManager 2012 v10.0.493 Multiple Remote Vulnerabilities

Critical
Advisory ID
ZSL-2012-5068
Release Date
31 January 2012
Vendor
Affected Version
10.0.493 (Windows)
Tested On
Microsoft Windows XP Professional SP3 (EN)
Summary

An intuitive visual framework that fosters clarity, innovative thinking & communication to improve business results.

Description

MindManager is affected by several vulnerabilities in components shipped with the package. Several OCX and DLL libraries from third-party software (glg.ocx, officeviewermme.ocx, pdfxctrl.dll, vsflex8n.ocx and ChartFX.ClientServer.Core.dll) are vulnerable to buffer overflow and denial of service (IE). The application is also vulnerable to insecure library loading, with every file extension, through ssgp.dll and dwmapi.dll.
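A defender-side check for the insecure library loading issue, added here as an example and not part of the original advisory: it walks a directory tree (for instance a file share where documents are exchanged) and reports any copy of ssgp.dll or dwmapi.dll found outside trusted system directories, together with the files sitting beside it. The trusted directory list and the sample file names in `demo()` are assumptions constructed for illustration.

```python
import os
import tempfile

# DLL names the advisory reports as insecurely loaded (matched case-insensitively).
WATCHED_DLLS = {"ssgp.dll", "dwmapi.dll"}
# Assumption: directories where a legitimate copy may live; extend per host.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


def is_trusted(directory, trusted_dirs=TRUSTED_DIRS):
    """True if directory is one of trusted_dirs or lies beneath one."""
    d = directory.replace("/", "\\").lower().rstrip("\\")
    return any(d == t or d.startswith(t + "\\") for t in trusted_dirs)


def find_planted_dlls(root, trusted_dirs=TRUSTED_DIRS):
    """Return (dll_path, sibling_files) for each watched DLL outside trusted dirs."""
    findings = []
    for directory, _subdirs, files in os.walk(root):
        if is_trusted(directory, trusted_dirs):
            continue
        hits = sorted(f for f in files if f.lower() in WATCHED_DLLS)
        # Files beside the DLL are what a user would open from this directory.
        siblings = sorted(f for f in files if f.lower() not in WATCHED_DLLS)
        findings.extend((os.path.join(directory, dll), siblings) for dll in hits)
    return findings


def demo():
    """Scan a constructed tree: one share with a planted DLL, one clean."""
    with tempfile.TemporaryDirectory() as root:
        planted = os.path.join(root, "share", "projects")
        clean = os.path.join(root, "share", "archive")
        os.makedirs(planted)
        os.makedirs(clean)
        for path in (os.path.join(planted, "plan.mmap"),
                     os.path.join(planted, "DWMAPI.DLL"),
                     os.path.join(clean, "notes.mmap")):
            open(path, "wb").close()
        return [(os.path.relpath(p, root), s) for p, s in find_planted_dlls(root)]


if __name__ == "__main__":
    for dll, siblings in demo():
        print(f"review: {dll} (beside {siblings})")
```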

Proof of Concept
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
31.01.2012 Initial release
01.02.2012 Added reference [4], [5], [6] and [7]
02.02.2012 Added reference [8]
24.11.2012 Added reference [9]