
HTTP Sienzo Ltmm15 ActiveX BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer overflow vulnerability by searching for large arguments passed to the ltmm15 ActiveX control.

Additional Information

Sienzo Digital Music Mentor (DMM) is an application that helps students learn how to play guitar and bass.

The application is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Specifically, this issue affects the 'UnlockSupport' method of the application's 'ltmm15.dll' ActiveX control (CLSID: 00150BA1-B1BA-11CE-ABC6-F5B2E79D9E3F).

An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Failed attempts will likely result in denial-of-service conditions.

Digital Music Mentor 2.6.0.4 is vulnerable; other versions may also be affected.
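
A simplified version of the kind of check this signature describes, as an added example (not Symantec's signature logic): it flags calls to 'UnlockSupport' on an object element carrying the CLSID above when a string literal argument exceeds a length limit. The 256-character threshold, the names `inspect` and `sample_page`, and the sample response bodies are assumptions constructed for the illustration.

```python
import re
from html.parser import HTMLParser

CLSID = "00150BA1-B1BA-11CE-ABC6-F5B2E79D9E3F"  # CLSID given in the advisory
MAX_ARG_LEN = 256  # assumed threshold; the signature's real limit is not published

class ObjectFinder(HTMLParser):
    """Collect the id/name of every <object> that instantiates the control."""
    def __init__(self):
        super().__init__()
        self.names = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "object" and CLSID.lower() in a.get("classid", "").lower():
            self.names.update(n for n in (a.get("id"), a.get("name")) if n)

# <name>.UnlockSupport(<args>); an argument containing ")" cuts the match short.
CALL = re.compile(r"(\w+)\s*\.\s*UnlockSupport\s*\(([^)]*)\)", re.I)
STRING = re.compile(r"\"([^\"]*)\"|'([^']*)'")

def inspect(body):
    """Return (verdict, object_name, longest_literal) for each suspicious call."""
    finder = ObjectFinder()
    finder.feed(body)
    findings = []
    for call in CALL.finditer(body):
        target, args = call.groups()
        if target not in finder.names:
            continue  # call is not on an instance of the ltmm15 control
        longest = max((len(a or b) for a, b in STRING.findall(args)), default=0)
        leftover = re.sub(r"[\s,]+", "", STRING.sub("", args))
        if longest > MAX_ARG_LEN:
            findings.append(("oversized-literal", target, longest))
        elif leftover:
            # Variable or expression: its length is only known at run time.
            findings.append(("unmeasured-argument", target, 0))
    return findings

def sample_page(argument):
    """Constructed response body for the demo (not captured traffic)."""
    return ('<html><object classid="clsid:%s" id="mm"></object>'
            '<script>mm.UnlockSupport(%s);</script></html>' % (CLSID, argument))

if __name__ == "__main__":
    for arg in ('"lesson-key-1234"', '"' + "A" * 1000 + '"', "buf"):
        print(inspect(sample_page(arg)))
```

Static matching of this kind only measures literal arguments; values assembled by script at run time are reported as unmeasured, and VBScript calls written without parentheses are not matched.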

Affected

  • Sienzo Digital Music Mentor 2.6.4

Response

Ensure that all vendor-supplied patches have been applied.