ID CVE-2007-2814
Summary Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA, (4) DefineImage, (5) DefineImageEx, (6) DefineImageFox, (7) CopyBufToClipExA, (8) LoadEx, (9) LoadFox, and other functions.
References
Vulnerable Configurations
  • cpe:2.3:a:pegasus:imagn_activex_control:4.00.041:*:*:*:*:*:*:*
    cpe:2.3:a:pegasus:imagn_activex_control:4.00.041:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 24086
misc http://retrogod.altervista.org/IE_pegasus_imagn_bof.html
osvdb 36518
secunia 25351
vupen ADV-2007-1899
xf pegasus-imagn-filename-bo(34419)
Last major update 29-07-2017 - 01:31
Published 22-05-2007 - 19:30
Last modified 29-07-2017 - 01:31
Back to Top