• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Avaya IP Softphone ActiveX Controls Multiple Buffer Overflow Vulnerabilities

Multiple Avaya IP Softphone ActiveX controls are prone to multiple buffer-overflow vulnerabilities because the software fails to perform adequate boundary-checks on user-supplied data.

Successfully exploiting these issues will allow an attacker to execute arbitrary code within the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

The vulnerable controls are not marked 'safe for scripting', making remote exploits possible only when used in conjunction with other latent vulnerabilities or when configuration settings allow the affected controls to be remotely executed.

Avaya IP Softphone 5.2 and 6.0 are vulnerable to these issues.