Hummingbird HostExplorer ActiveX Control BOF Vulnerability Network Vulnerability

Summary

This host has Hummingbird HostExplorer ActiveX Control installed and is prone to stack based buffer overflow vulnerability. The flaw is due to error in Hummingbird.XWebHostCtrl.1 ActiveX control in hclxweb.dll file when handling the 'PlainTextPassword' function, which can be exploited by assigning an overly long string.

Impact

Successful exploitation will allow execution arbitrary code, and deny the service. Impact Level: Application

Solution

Update to HostExplorer 2008 http://connectivity.hummingbird.com/products/nc/he/index.html

Affected

Hummingbird HostExplorer versions prior to 2008 on Windows (all)

References

http://secunia.com/advisories/32319/

Updated on 2017-03-28

Severity

Classification

CVE CVE-2008-4729
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Denial Of Service Vulnerability in OpenSSL June-09 (Linux)
Apache Subversion 'mod_dav_svn' log REPORT Request DoS Vulnerability
Firefox 'nsObserverList::FillObserverArray' DOS Vulnerability (Win)
EtherApe RPC Packet Processing Denial of Service Vulnerability
Avahi Denial of Service Vulnerability

Take action and discover your vulnerabilities