Release DateMay 05, 2009 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attempt to exploit a buffer overflow vulnerability in Baofeng Storm.This vulnerability is caused by an error in the "MPS.dll" ActiveX control when processing overlong arguments passed to OnBeforeVideoDownload() method. It allows a remote attacker to execute arbitrary code via a crafted web page. |
Affected ProductsBaofeng Storm versions 3.x |
Recommended ActionsSet the kill bit for the affected ActiveX control. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2009-1612 |
Reference/shttp://www.securityfocus.com/bid/34789 (BugTraq)http://milw0rm.com/exploits/8579 http://www.frsirt.com/english/advisories/2009/1232 (FrSIRT) |
