Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4384

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-4384
Last Modified 07 Mar 2011 10:12:21
Published 07 Oct 2008 04:00:17
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4384

Summary

Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX control (LPControl.dll), as acquired by Roxio and iseemedia, allow remote attackers to execute arbitrary code via the (1) url, (2) toolbar, and (3) enableZoomPastMax methods.

Vulnerable Systems

Application

  • Iseemedia Lpviewer

  • Mgi Software Lpviewer

  • Roxio Lpviewer


References

CERT-VN - VU#848873

XF - lpviewer-lpcontrol-activex-bo(45699)

VUPEN - ADV-2008-2749

BID - 31604

SECUNIA - 32140


Last Updated: 27 May 2016 10:48:28