• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

InterActual Player IAMCE and IAKey Remote Buffer Overflow Vulnerabilities

InterActual Player contains multiple ActiveX controls that are prone to buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers.

An attacker could exploit these issues by creating a malicious web page that would initialize the affected ActiveX controllers and execute arbitrary code within the context of the user.

Exploiting this issue could allow an attacker to execute arbitrary code.

These issues affect InterActual Player 2.60.12.0717; other versions may be vulnerable as well.