IncrediMail IMMenuShellExt ActiveX Control Remote Buffer Overflow Vulnerability

IncrediMail is prone to a stack-based buffer-overflow vulnerability because it fails to sufficiently check boundaries of user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue by enticing victims into opening a malicious webpage or HTML email that invokes the affected control.

Successful exploits will corrupt process memory, allowing attacker-supplied arbitrary code to run in the context of the client application using the affected ActiveX control.


 

Copyright 2010, SecurityFocus