HTTP DB Software Lab VimpX ActiveX BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a buffer overflow in the VImpX ActiveX control by checking for large arguments being passed in by a specially crafted website.

Additional Information

VImpX is an ActiveX control that imports data into a variety of industry standard databases from flat files, cross tables, or ODBC data sources.

The 'VImpX.ocx' ActiveX control shipped with the VImpX application is prone to a buffer-overflow vulnerability. Specifically, the control, identified by CLSID '7600707B-9F47-416D-8AB5-6FD96EA37968', fails to properly sanitize user-supplied input to its 'Logfile' parameter. By passing an inordinately long string as input to the affected method, an attacker can trigger a stack-based buffer overflow.

Invoking the object from a malicious website or HTML email may trigger this condition. A successful attack would corrupt process memory, allowing arbitrary code to run in the context of the client application using the affected ActiveX control.
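The check described above can be approximated for static markup as follows. This is an added example, not Symantec's signature logic: it flags `<object>` tags that instantiate the CLSID named in this advisory and reports a 'Logfile' `<param>` longer than an assumed 260-character threshold. It does not cover values assigned from script, and the sample pages are constructed.

```python
from html.parser import HTMLParser

VIMPX_CLSID = "7600707b-9f47-416d-8ab5-6fd96ea37968"  # CLSID from the advisory
MAX_LOGFILE_LEN = 260  # assumed threshold (Windows MAX_PATH), not from the advisory


class VImpXScanner(HTMLParser):
    """Records VImpX <object> instantiations and oversized Logfile params."""

    def __init__(self):
        super().__init__()
        self.stack = []      # one bool per open <object>: is it the VImpX control?
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # HTMLParser lowercases names
        if tag == "object":
            cid = a.get("classid", "").strip().lower()
            cid = cid.removeprefix("clsid:").strip("{} ")
            is_vimpx = cid == VIMPX_CLSID
            self.stack.append(is_vimpx)
            if is_vimpx:
                self.findings.append("instantiates VImpX control")
        elif tag == "param" and self.stack and self.stack[-1]:
            # Only params of the nearest enclosing VImpX object are inspected.
            if a.get("name", "").lower() == "logfile":
                n = len(a.get("value", ""))
                if n > MAX_LOGFILE_LEN:
                    self.findings.append(f"oversized Logfile param ({n} chars)")

    def handle_endtag(self, tag):
        if tag == "object" and self.stack:
            self.stack.pop()


def scan(html):
    """Return the list of findings for one HTML document."""
    scanner = VImpXScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample pages (filler data only).
_OBJ = '<object classid="clsid:7600707B-9F47-416D-8AB5-6FD96EA37968">'
BENIGN = _OBJ + '<param name="Logfile" value="C:\\logs\\import.log"></object>'
SUSPICIOUS = _OBJ + '<param name="Logfile" value="' + "A" * 5000 + '"></object>'
OTHER = ('<object classid="clsid:00000000-0000-0000-0000-000000000000">'
         '<param name="Logfile" value="' + "A" * 5000 + '"></object>')
```
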

Affected

  • VImpX 4.7.3.0 on Windows XP Service Pack 2 is reported vulnerable to this issue; other products may be vulnerable as well.

Response

Download and install all vendor patches related to this vulnerability.
