Name:
D-Link.Mpeg4.VAPGDecoder.Url.ActiveX.Control.Acces
Released Date:
May 16 2008
Severity:
critical
Bugtraq:
28010

FortiGuard Center > Vulnerability Encyclopedia


In-Depth Analysis

Description
D-Link MPEG4 SHM Audio ActiveX Control ('VAPGDecoder.dll') is vulnerable to a buffer overflow issue when an overly long string is passed to the Url parameter. A malicious user can trick a victim to visit a malicious web site to use this vulnerability and could then execute arbitrary remote code execution on the victim's host.
 
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
 
Affected Products
D-Link MPEG4 SHM Audio Control 1.7.0.5
Aliases
References
http://www.securityfocus.com/bid/28010
http://www.frsirt.com/english/advisories/2008/0687
http://milw0rm.org/exploits/5193
Recommended Actions
Update the software to latest version or set the kill-bit on the ActiveX control.

 
 
SITE MAP  |  LEGAL NOTICES

      © 2003 FORTINET INC. ALL RIGHTS RESERVED