Check Point Advisories

Update Protection against HP Photo Creative audio.Record ActiveX Stack Buffer Overflow

Check Point Reference: CPAI-2011-105
Date Published: 9 Mar 2011
Severity: High
Last Updated: Saturday 01 January, 2011
Source: Secunia Advisory SA42770
Protection Provided by:
Who is Vulnerable? HP Photo Creative 2.0 and prior
Vulnerability Description A buffer overflow vulnerability exists in HP Photo Creative ActiveX control. The vulnerability is due to a boundary error in ContentMan.dll while parsing arguments passed to the Resample function of the audio.Record ActiveX control. Remote attackers could exploit this vulnerability by enticing the target users to visit a crafted web page. Successful exploitation would result in arbitrary code execution.
Update/Patch AvaliableThe vendor has not released an advisory addressing this vulnerability.
Vulnerability DetailsThe vulnerability is due to a boundary error while processing a string passed as the second variable. To xploit the vulnerability, the attacker would need to entice a target user to visit the malicious web page. Successful exploitation would result in arbitrary code injection and execution.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK