LEADTOOLS ActiveX Common Dialogs 16.5 Multiple Remote Vulnerabilities

Title: LEADTOOLS ActiveX Common Dialogs 16.5 Multiple Remote Vulnerabilities
Advisory ID: ZSL-2010-4961
Type: Local/Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 01.09.2010
With LEADTOOLS you can control any scanner, digital camera or capture card that has a TWAIN (32 and 64 bit) device driver. High-level acquisition support is included for ease of use while low-level functionality is provided for flexibility and control in even the most demanding scanning applications.
LEADTOOLS ActiveX Common Dialogs suffers from multiple remote vulnerabilities (IoF, BoF, DoS) as it fails to sanitize the input in different objects included in the Common Dialogs class.


Vulnerable Objects/OCX Dialogs (Win32):

1. ActiveX Common Dialogs (Web) --------------------> LtocxWebDlgu.dll
2. ActiveX Common Dialogs (Effects) ----------------> LtocxEfxDlgu.dll
3. ActiveX Common Dialogs (Image) ------------------> LtocxImgDlgu.dll
4. ActiveX Common Dialogs (Image Effects) ----------> LtocxImgEfxDlgu.dll
5. ActiveX Common Dialogs (Image Document)----------> LtocxImgDocDlgu.dll
6. ActiveX Common Dialogs (Color) ------------------> LtocxClrDlgu.dll
7. ActiveX Common Dialogs (File) -------------------> LtocxFileDlgu.dll


LEAD Technologies, Inc. - http://www.leadtools.com
Affected Version
Tested On
Microsoft Windows XP Professional SP3 (EN)
Windows Internet Explorer 8.0.6001.18702
RFgen Mobile Development Studio (Enterprise)
Vendor Status
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
[1] http://www.exploit-db.com/exploits/14852/
[2] http://www.packetstormsecurity.org/filedesc/ZSL-2010-4961.txt.html
[3] http://www.vfocus.net/art/20100902/7791.html
[4] http://www.venustech.com.cn/NewsInfo/124/8057.Html
[5] http://net-security.org/vuln.php?id=14060
[6] http://www.securityfocus.com/bid/42911
[01.09.2010] - Initial release
[02.09.2010] - Added reference [2]
[05.09.2010] - Added reference [3]
[10.09.2010] - Added reference [4]
[15.10.2010] - Added reference [5]
[26.10.2010] - Added reference [6]
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk