LEADTOOLS ActiveX Common Dialogs 16.5 Multiple Remote Vulnerabilities
Title: LEADTOOLS ActiveX Common Dialogs 16.5 Multiple Remote Vulnerabilities
Advisory ID: ZSL-2010-4961
Type: Local/Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 01.09.2010
Summary
With LEADTOOLS you can control any scanner, digital camera or capture card that has a TWAIN (32 and 64 bit) device driver. High-level acquisition support is included for ease of use while low-level functionality is provided for flexibility and control in even the most demanding scanning applications.
Description
LEADTOOLS ActiveX Common Dialogs suffers from multiple remote vulnerabilities (IoF, BoF, DoS) as it fails to sanitize the input in different objects included in the Common Dialogs class.
--------------------------------------------------------------------------------
Vulnerable Objects/OCX Dialogs (Win32):
1. ActiveX Common Dialogs (Web) --------------------> LtocxWebDlgu.dll
2. ActiveX Common Dialogs (Effects) ----------------> LtocxEfxDlgu.dll
3. ActiveX Common Dialogs (Image) ------------------> LtocxImgDlgu.dll
4. ActiveX Common Dialogs (Image Effects) ----------> LtocxImgEfxDlgu.dll
5. ActiveX Common Dialogs (Image Document) ---------> LtocxImgDocDlgu.dll
6. ActiveX Common Dialogs (Color) ------------------> LtocxClrDlgu.dll
7. ActiveX Common Dialogs (File) -------------------> LtocxFileDlgu.dll
--------------------------------------------------------------------------------
Vendor
LEAD Technologies, Inc. - http://www.leadtools.com
Affected Version
16.5.0.2
Tested On
Microsoft Windows XP Professional SP3 (EN)
Windows Internet Explorer 8.0.6001.18702
RFgen Mobile Development Studio 4.0.0.06 (Enterprise)
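A defender-side inventory check for the DLLs in the "Vulnerable Objects" list and the "Affected Version" above, as an added example that is not part of the original advisory. The scan root, status labels and function names are assumptions, and reading the version by searching for the VS_FIXEDFILEINFO signature is a heuristic chosen so the check also works on offline copies without the Windows API.

```python
import os
import struct

# DLL names from the advisory's "Vulnerable Objects" list (matched case-insensitively).
AFFECTED_DLLS = {n.lower() for n in (
    "LtocxWebDlgu.dll", "LtocxEfxDlgu.dll", "LtocxImgDlgu.dll",
    "LtocxImgEfxDlgu.dll", "LtocxImgDocDlgu.dll", "LtocxClrDlgu.dll",
    "LtocxFileDlgu.dll")}
AFFECTED_VERSION = (16, 5, 0, 2)                  # "Affected Version" in the advisory
VS_FFI_SIGNATURE = struct.pack("<I", 0xFEEF04BD)  # VS_FIXEDFILEINFO.dwSignature


def file_version(data):
    """Return (major, minor, build, rev) from a PE version resource, or None.

    Heuristic: uses the first VS_FIXEDFILEINFO signature found in the raw bytes.
    """
    pos = data.find(VS_FFI_SIGNATURE)
    if pos < 0 or pos + 16 > len(data):
        return None
    # Fields: dwSignature, dwStrucVersion, dwFileVersionMS, dwFileVersionLS
    _, _, ms, ls = struct.unpack_from("<4I", data, pos)
    return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)


def find_affected(root):
    """Walk root and report every listed DLL with its version and a status label."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in AFFECTED_DLLS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    version = file_version(fh.read())
            except OSError:
                version = None                    # unreadable: still reported
            if version is None:
                status = "unknown-version"
            elif version == AFFECTED_VERSION:
                status = "affected"
            else:
                status = "other-version"          # advisory is silent on these
            findings.append((path, version, status))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for path, version, status in find_affected(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(status, ".".join(map(str, version)) if version else "-", path)
```

Files reported as "other-version" or "unknown-version" still need manual review, since the advisory names only 16.5.0.2 as tested.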
Vendor Status
N/A
PoC
lead_activex.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.exploit-db.com/exploits/14852/
[2] http://www.packetstormsecurity.org/filedesc/ZSL-2010-4961.txt.html
[3] http://www.vfocus.net/art/20100902/7791.html
[4] http://www.venustech.com.cn/NewsInfo/124/8057.Html
[5] http://net-security.org/vuln.php?id=14060
[6] http://www.securityfocus.com/bid/42911
Changelog
[01.09.2010] - Initial release
[02.09.2010] - Added reference [2]
[05.09.2010] - Added reference [3]
[10.09.2010] - Added reference [4]
[15.10.2010] - Added reference [5]
[26.10.2010] - Added reference [6]
Contact
Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk