
HTTP DJVU ActiveX BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer-overflow vulnerability in the DjVu ActiveX control.

Additional Information

The DjVu ActiveX control handles files in the DjVu digital document format.

The application is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

In particular, the vulnerability can be exploited through the 'ImageURL' property. If an attacker supplies excessively large data to this property, memory will be overwritten and become corrupted as a result of a heap-based buffer overflow.

The issue resides in 'DjVu_ActiveX_MSOffice.dll'; the control is identified by class ID {4A46B8CD-F7BD-11D4-B1D8-000102290E7C}.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

The DjVu ActiveX control version 3.0 is vulnerable; other versions may also be affected.

Response

Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
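Since no vendor patch is listed, the standard workaround is to set the Internet Explorer kill bit for the control's class ID. The following PowerShell audit is an added example, not part of the Symantec page: it reports whether the control with the class ID above is registered on a Windows host, which DLL and file version back it, and whether its kill bit is already set, and sets the kill bit when run with -Remediate. The function names and the -Remediate switch are this script's own assumptions; it checks only the native registry view, not the WOW6432Node path used by 32-bit IE on 64-bit Windows.

```powershell
# Added example, not from the advisory. Run as Administrator on the host being assessed.
[CmdletBinding()]
param([switch]$Remediate)

$Clsid     = '{4A46B8CD-F7BD-11D4-B1D8-000102290E7C}'   # class ID from the advisory
$KillBit   = 0x400                                       # Compatibility Flags kill bit
$CompatKey = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"

function Get-DjVuControlStatus {
    $status = [ordered]@{ Clsid = $Clsid; Installed = $false; Dll = $null; Version = $null; KillBitSet = $false }

    # A registered control has an InprocServer32 key whose default value is the DLL path.
    $server = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32" -ErrorAction SilentlyContinue
    if ($server) {
        $status.Installed = $true
        $status.Dll = $server.'(default)'
        if ($status.Dll -and (Test-Path -LiteralPath $status.Dll)) {
            $status.Version = (Get-Item -LiteralPath $status.Dll).VersionInfo.FileVersion
        }
    }

    # The kill bit is bit 0x400 of the 'Compatibility Flags' DWORD under the CLSID's compat key.
    $flags = (Get-ItemProperty -Path $CompatKey -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -ne $flags -and ($flags -band $KillBit) -ne 0) { $status.KillBitSet = $true }
    [pscustomobject]$status
}

function Set-DjVuKillBit {
    # Preserve any flags already present and OR in the kill bit.
    if (-not (Test-Path -LiteralPath $CompatKey)) { New-Item -Path $CompatKey -Force | Out-Null }
    $current = (Get-ItemProperty -Path $CompatKey -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $current) { $current = 0 }
    Set-ItemProperty -Path $CompatKey -Name 'Compatibility Flags' -Value ($current -bor $KillBit) -Type DWord
}

$before = Get-DjVuControlStatus
$before | Format-List
if ($Remediate -and $before.Installed -and -not $before.KillBitSet) {
    Set-DjVuKillBit
    Get-DjVuControlStatus | Format-List
}
```

The kill bit only stops Internet Explorer and other hosts that honour the ActiveX Compatibility key from instantiating the control; applications that load the DLL directly are not covered by it.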

Additional References
