HTTP: LEADTOOLS Imaging ActiveX Control Memory Corruption
This signature detects attempts to use unsafe ActiveX controls in LEADTOOLS Imaging solution. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
LEADTOOLS Imaging Common Dialogs ActiveX control is prone to multiple memory-corruption vulnerabilities including multiple integer-overflow vulnerabilities and multiple buffer-overflow vulnerabilities. An attacker may exploit these issues to execute arbitrary code within the context of the application (typically Internet Explorer) that invoked the ActiveX control. Failed exploit attempts will result in a denial-of-service condition. LEADTOOLS Imaging Common Dialogs 16.5 is vulnerable; other versions may also be affected.
Affected Products
Leadtools imaging_activex
References
BugTraq: 42911
URL: http://leadtools.com/downloads/default.htm http://www.leadtools.com/sdk/common-dialog/default.htm
Short Name
HTTP:STC:ACTIVEX:LEADTOOLS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX Control Corruption Imaging LEADTOOLS Memory bid:42911
Release Date
11/10/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Leadtools