TippingPoint IPS customers have been protected against this
vulnerability since November 6, 2006 by Digital Vaccine protection
filter ID 4323, 4327. For further product information on the TippingPoint
IPS:
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Business Objects Crystal Reports.
Exploitation requires the target to visit a malicious web site.
This specific flaw exists within the ActiveX control with CLSID
85A4A99C-8C3D-499E-A386-E0743DFF8FB7. Specifying large values to two
specific functions available in this control results in an exploitable
stack based buffer overflow.
The vulnerable function / parameters include:
* DownloadAndExecute(), second of five parameters
* AddFileEx(), third of seven parameters
-- Vendor Response:
Notification was recently (January) sent to Macrovision customers about
the vulnerability and the correct way to resolve it (patching to a
newer version of the agent resolves the issue). The exact timing of
this deployment is left to our customers and partner.
-- Disclosure Timeline:
2006.06.22 - Vulnerability reported to vendor
2006.11.06 - Digital Vaccine released to TippingPoint customers
2007.06.04 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by Pedram Amini, TippingPoint DVLabs
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments,
is being sent by 3Com for the sole use of the intended recipient(s) and
may contain confidential, proprietary and/or privileged information.
Any unauthorized review, use, disclosure and/or distribution by any
recipient is prohibited. If you are not the intended recipient, please
delete and/or destroy all copies of this message regardless of form and
any included attachments and notify 3Com immediately by contacting the
sender via reply e-mail or forwarding to 3Com at postmaster (at) 3com (dot) com. [email concealed]
Overflow Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-07-09
June 4, 2007
-- CVE ID:
CVE-2007-2419
-- Affected Vendor:
Macrovision
-- Affected Products:
Update Service 3.x
Update Service 4.x
Update Service 5.x
FLEXnet Connect 6
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability since November 6, 2006 by Digital Vaccine protection
filter ID 4323, 4327. For further product information on the TippingPoint
IPS:
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Business Objects Crystal Reports.
Exploitation requires the target to visit a malicious web site.
This specific flaw exists within the ActiveX control with CLSID
85A4A99C-8C3D-499E-A386-E0743DFF8FB7. Specifying large values to two
specific functions available in this control results in an exploitable
stack based buffer overflow.
The vulnerable function / parameters include:
* DownloadAndExecute(), second of five parameters
* AddFileEx(), third of seven parameters
-- Vendor Response:
Notification was recently (January) sent to Macrovision customers about
the vulnerability and the correct way to resolve it (patching to a
newer version of the agent resolves the issue). The exact timing of
this deployment is left to our customers and partner.
-- Disclosure Timeline:
2006.06.22 - Vulnerability reported to vendor
2006.11.06 - Digital Vaccine released to TippingPoint customers
2007.06.04 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by Pedram Amini, TippingPoint DVLabs
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments,
is being sent by 3Com for the sole use of the intended recipient(s) and
may contain confidential, proprietary and/or privileged information.
Any unauthorized review, use, disclosure and/or distribution by any
recipient is prohibited. If you are not the intended recipient, please
delete and/or destroy all copies of this message regardless of form and
any included attachments and notify 3Com immediately by contacting the
sender via reply e-mail or forwarding to 3Com at postmaster (at) 3com (dot) com. [email concealed]
[ reply ]