1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Versalsoft File Upload ActiveX BO

HTTP Versalsoft File Upload ActiveX BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer overflow vulnerability in 'AddFile()' method of VersalSoft HTTP File Upload ActiveX Control.

Additional Information

VersalSoft HTTP File Upload is an ActiveX control used to allow users to upload multiple files to webservers.

VersalSoft HTTP File Upload is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Specifically, this issue stems from a boundary condition in the 'AddFile()' method in the 'UFileUploaderD.dll' library. By passing an inordinately long string through the first argument of the affected method, an attacker can trigger a buffer overflow.

This method resides in the ActiveX control with a CLSID of 28776DAD-5914-42A7-9139-8FD7C756BBDD.

Invoking the object from a malicious website or HTML email may trigger this condition. Successful attacks corrupt process memory, allowing arbitrary code to run in the context of the client application using the affected ActiveX control.

VersalSoft HTTP File Upload 6.36 is vulnerable to this issue; other versions may also be affected.

Affected

  • VersalSoft HTTP File Upload 6.36

Response

Ensure that the latest version of veralSoft HTTP File Upload is installed and that all vendor supplied patches are applied.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube