Synactis All-In-The-Box ActiveX Remote Code Execution Vulnerability Network Vulnerability

Summary

This host is installed with All-In-The-Box ActiveX and is prone to Remote Code Execution Vulnerability.

Impact

Successful exploitation will let the attacker overwrite arbitrary files on the system via a filename terminated by a NULL byte. Impact Level: System/Application

Solution

Upgrade to Synactis, All-In-The-Box ActiveX version 4.02 or later For updates refer to http://synactis.com/pdf-in-the-box-downloads.asp

Insight

This flaw is due to an ActiveX control All_In_The_Box.ocx providing insecure SaveDoc method.

Affected

Synactis, All-In-The-Box ActiveX version 3.1.2.0 and prior. Workaround: Set the Killbit for the vulnerable CLSID {B5576893-F948-4E0F-9BE1-A37CB56D66FF} http://support.microsoft.com/kb/240797

References

http://secunia.com/advisories/33728
http://www.dsecrg.com/pages/vul/show.php?id=62

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-0465
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
Adobe Flash Player Buffer Overflow Vulnerability (Windows)
Buffer Overflow Vulnerability in Adobe Reader (Linux)
Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Mac OS X)
Becky! Internet Mail Buffer Overflow Vulnerability

Take action and discover your vulnerabilities