CVE-2012-0266
CVE-2012-0266
Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long bstrParams parameter to the Check method, a long bstrUrl parameter to the (3) Download or (4) DownloadModule method during construction of a .ntr pathname, or a long bstrUrl parameter to the (5) Download or (6) DownloadModule method during construction of a URL.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/21841unverifiedexploitdbwww.exploit-db.com/exploits/21841unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://archives.neohapsis.com/archives/bugtraq/2012-01/0074.htmlhttp://osvdb.org/78252http://secunia.com/advisories/45166http://secunia.com/secunia_research/2012-1/https://exchange.xforce.ibmcloud.com/vulnerabilities/72291https://exchange.xforce.ibmcloud.com/vulnerabilities/72292https://exchange.xforce.ibmcloud.com/vulnerabilities/72293http://www.exploit-db.com/exploits/21841