OSVDB ID: 34315

Title: WinDVD IASystemInfo.dll ActiveX Control ApplicationType Property Overflow

Info

Dates

Disclosure: Mar 21, 2007
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

A buffer overflow exists in WinDVD. The IASystemInfo.dll ActiveX control fails to validate data handled by the ApplicationType property, resulting in a stack overflow. Using a specially crafted website, a context-dependent attacker can cause arbitrary code execution, resulting in a loss of integrity.

Classification

Location: Remote / Network Access, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Workaround
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: set the kill-bit on the IASystemInfo.dll ActiveX Control for the following CLSIDs:

  • {B727C210-2022-11D4-B2C6-0050DA1BD906}
  • {B727C212-2022-11D4-B2C6-0050DA1BD906}
  • {B727C217-2022-11D4-B2C6-0050DA1BD906}
  • {B727C219-2022-11D4-B2C6-0050DA1BD906}
  • {B727C21B-2022-11D4-B2C6-0050DA1BD906}
  • {B727C21D-2022-11D4-B2C6-0050DA1BD906}
  • {B727C220-2022-11D4-B2C6-0050DA1BD906}
  • {B727C222-2022-11D4-B2C6-0050DA1BD906}

See Microsoft KB article 240797 for more details.
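One way to apply and verify the workaround above across all eight CLSIDs. This is an added example, not part of the OSVDB entry or any vendor tooling. It assumes the kill-bit mechanism documented in KB 240797 (the `Compatibility Flags` DWORD with bit 0x400 under the Internet Explorer `ActiveX Compatibility` key) and also covers the 32-bit registry view on 64-bit Windows; the `-AuditOnly` switch and the helper name `Get-CompatFlags` are this example's own.

```powershell
# Added example: set and verify the kill-bit for the IASystemInfo.dll CLSIDs (OSVDB 34315).
# Run elevated to apply; run with -AuditOnly to report current state without writing.
param([switch]$AuditOnly)

$KillBit = 0x400   # "Compatibility Flags" bit that stops IE from instantiating the control
$Clsids = @(
    '{B727C210-2022-11D4-B2C6-0050DA1BD906}',
    '{B727C212-2022-11D4-B2C6-0050DA1BD906}',
    '{B727C217-2022-11D4-B2C6-0050DA1BD906}',
    '{B727C219-2022-11D4-B2C6-0050DA1BD906}',
    '{B727C21B-2022-11D4-B2C6-0050DA1BD906}',
    '{B727C21D-2022-11D4-B2C6-0050DA1BD906}',
    '{B727C220-2022-11D4-B2C6-0050DA1BD906}',
    '{B727C222-2022-11D4-B2C6-0050DA1BD906}'
)
# Native view, plus the 32-bit view that 32-bit IE reads on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

# Hypothetical helper: current flags for a CLSID key, or 0 when the value is absent.
function Get-CompatFlags([string]$Key) {
    $p = Get-ItemProperty -LiteralPath $Key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 0 }
    return $p.'Compatibility Flags'
}

foreach ($root in $Roots) {
    # Skip the Wow6432Node view on systems where it does not exist.
    if (-not (Test-Path -LiteralPath (Split-Path $root -Parent))) { continue }
    foreach ($clsid in $Clsids) {
        $key   = Join-Path $root $clsid
        $flags = Get-CompatFlags $key
        if (-not $AuditOnly -and -not ($flags -band $KillBit)) {
            if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
            # OR the bit in so any other compatibility flags already present are preserved.
            New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                -PropertyType DWord -Value ($flags -bor $KillBit) -Force | Out-Null
            $flags = Get-CompatFlags $key   # re-read to confirm the write took effect
        }
        [pscustomobject]@{
            Key        = $key
            Flags      = '0x{0:X8}' -f $flags
            KillBitSet = [bool]($flags -band $KillBit)
        }
    }
}
```

Any row with `KillBitSet` false after a non-audit run means the write failed (typically a missing elevation) and the control can still be instantiated from that registry view.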

Products

InterVideo

WinDVD

7

References

Credit

  • Carsten Eiram


Direct URL: http://osvdb.org/34315