| Name | Ultra.Crypto.Component.AcquireContext.Method.Access |
| Release Date | Nov 24, 2009 |
| Severity | Critical |
| Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
| Description | This indicates an attempt to exploit a code execution vulnerability in Ultra Crypto Component.
The vulnerability is located in the "CryptoX.dll" ActiveX control with overlay long argument to the "AcquireContext" method. It may allow remote attackers to download and install arbitrary files in vulnerable systems. |
| Affected Products | Ultra Shareware Ultra Crypto Component 0 |
| Recommended Actions | Set the kill bit for the following classid:
{09C282FE-7DE7-4697-9BE2-1C4F4DA825B3} |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4903
|
| Reference/s | http://www.securityfocus.com/bid/25609 (BugTraq)
http://www.milw0rm.com/exploits/4389
|