Eyeball MessengerSDK CoVideoWindow.ocx ActiveX control buffer overflow
| eyeballmessengersdk-covideowindow-bo (44111) |  High Risk |
Description:
The Eyeball MessengerSDK CoVideoWindow.ocx ActiveX control is vulnerable to a stack-based buffer overflow. By persuading a victim to visit a specially-crafted Web page, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim or cause the victim's browser to crash.
Platforms Affected:
- Eyeball Networks, Eyeball MessengerSDK
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Gain Access
References:
- Eyeball Web site, Eyeball MessengerSDK at http://www.eyeball.com/products/mess_sdk.html.
- PacketStorm Security Web site 30.7.2008, SiOL komunikator IM ActiveX stack overflow condition at http://packetstormsecurity.org/0807-exploits/siol-overflow.txt.
- BID-30424: Eyeball MessengerSDK 'CoVideoWindow.ocx' ActiveX Control Remote Buffer Overflow Vulnerability
- CVE-2008-3430: Buffer overflow in the CoVideoWindow.ocx ActiveX control 5.0.907.1 in Eyeball MessengerSDK, as used in products such as SiOL Komunikator 1.3, allows remote attackers to execute arbitrary code via a large argument supplied to the BGColor method. NOTE: this might only be a vulnerability in certain insecure configurations of Internet Explorer.
Reported:
Jul 29, 2008
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net