ActiveCGM contains a flaw that may allow a malicious user to execute arbitrary code on the remote system. The issue is triggered by multiple unspecified boundary errors. The flaw may allow code execution with the privileges of the user, resulting in a loss of integrity.
Classification
Location: Remote / Network Access, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Solution
Upgrade to version 7.1.4.19 or higher, as it has been reported to fix this vulnerability. Additionally, it is possible to mitigate the flaw by disabling the ActiveX control: set the kill bit for CLSID 'F5D98C43-DB16-11cf-8ECA-0000C0FD59C7'.