Web Attack: NTR ActiveX Control RCE

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a buffer overflow or a remote code execution vulnerability in the NTR ActiveX control.

Additional Information

NTR ActiveX control is a device management application.

The NTR ActiveX control is prone to the following security vulnerabilities:

1. Multiple remote buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. Specifically, these issues affect the following methods and parameters:

'StartModule()': 'bstrUrl'
'Check()': 'bstrParams'
'Download()' and 'DownloadModule()': 'bstrUrl' of a '.ntr' file
'Download()' and 'DownloadModule()': 'bstrUrl' via a URL

2. A remote code-execution vulnerability affects the 'lModule' parameter of the 'StopModule()' method.

Attackers can exploit these issues to execute arbitrary code within the context of the application using the vulnerable control. Failed exploit attempts will result in a denial-of-service condition.

Affected

  • NTR ActiveX control 1.1.8