CVE-2010-0679
published 2010-02-22CVE-2010-0679: Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers…
PriorityP260critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
35.13%
98.2th percentile
Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers to execute arbitrary code via a large number of white space characters in the filename argument to the (1) SaveasMolFile and (2) ReadMolFile methods.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hyleos | chemview | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect instantiation of the vulnerable ActiveX control by its CLSID (C372350A-1D5A-44DC-A759-767FC553D96C) or ProgID (HyleosChemView.HLChemView) in HTML/script content delivered over HTTP. ↗
- →Alert on calls to the SaveAsMolFile or ReadMolFile methods of HyleosChemView.HLChemView with arguments containing large quantities of whitespace characters (spaces/tabs), indicative of buffer-overflow padding. ↗
- →Heap spray detection: look for repeated occurrences of the byte sequence 0x0A0A0A0A in memory or network traffic, used as the return address for the heap spray targeting this vulnerability. ↗
- →Detect JavaScript heap spray patterns (large while-loop NOP sled construction using unescape()) in HTML pages that also reference the HyleosChemView ActiveX CLSID or ProgID. ↗
- ·The vulnerable ActiveX control's base address varies between installations, making ROP/return-address targeting unreliable without heap spray; defenders should not rely solely on static return-address signatures. ↗
- ·The null byte (0x00) is a bad character for the payload; payloads containing null bytes will be truncated and the exploit will fail — encoders must avoid this byte. ↗
- ·The file-format variant of the exploit also treats 0x0a and 0x20 (newline and space) as bad characters, further constraining payload encoding in that attack vector. ↗
- ·The exploit targets only Windows XP SP0–SP3 with IE 6.0 SP0-2 and IE 7.0; other OS/browser combinations are not covered by the known public exploit module. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Hyleos ChemView - ActiveX Control Stack Buffer Overflow (Metasploit)
exploitdb·2010-07-27
CVE-2010-0679 Hyleos ChemView - ActiveX Control Stack Buffer Overflow (Metasploit)
Hyleos ChemView - ActiveX Control Stack Buffer Overflow (Metasploit)
---
##
# $Id: hyleos_chemviewx_activex.rb 9935 2010-07-27 02:25:15Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Hyleos ChemView ActiveX Control Stack Buffer Overflow',
'Description' => %q{
This module exploits a stack-based buffer overflow within version 1.9.5.1 of Hyleos
ChemView (HyleosChemView.ocx). By calling the 'SaveAsMolFile' or 'ReadMolFile' methods
with an overly long first argument, an attacker can overrun a buffer and execute
arbitrary code.
},
'Lice
Exploit-DB
Hyleos ChemView 1.9.5.1 - ActiveX Control Buffer Overflow (Metasploit)
exploitdb·2010-02-12
CVE-2010-0679 Hyleos ChemView 1.9.5.1 - ActiveX Control Buffer Overflow (Metasploit)
Hyleos ChemView 1.9.5.1 - ActiveX Control Buffer Overflow (Metasploit)
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Hyleos ChemView ActiveX Control Buffer Overflow Exploit',
'Description' => %q{
This module exploits a stack-based buffer overflow within HyleosChemView.ocx of Hyleos ChemView 1.9.5.1
By setting an overly long value to 'SaveAsMolFile()', an attacker can overrun a buffer
and execute arbitrary code.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Dz_attacker '
],
'References' =>
[
[ 'URL', 'http://www.security-assessment.com/files
Metasploit
Hyleos ChemView ActiveX Control Stack Buffer Overflow
metasploit
Hyleos ChemView ActiveX Control Stack Buffer Overflow
Hyleos ChemView ActiveX Control Stack Buffer Overflow
This module exploits a stack-based buffer overflow within version 1.9.5.1 of Hyleos ChemView (HyleosChemView.ocx). By calling the 'SaveAsMolFile' or 'ReadMolFile' methods with an overly long first argument, an attacker can overrun a buffer and execute arbitrary code.
No writeups or analysis indexed.
http://osvdb.org/62276http://packetstormsecurity.org/1002-advisories/chemviewx-overflow.txthttp://packetstormsecurity.org/1002-exploits/hyleoschemview-heap.rb.txthttp://secunia.com/advisories/38523http://www.exploit-db.com/exploits/11422http://www.security-assessment.com/files/advisories/2010-02-11_ChemviewX_Activex.pdfhttp://www.securityfocus.com/bid/38225http://osvdb.org/62276http://packetstormsecurity.org/1002-advisories/chemviewx-overflow.txthttp://packetstormsecurity.org/1002-exploits/hyleoschemview-heap.rb.txthttp://secunia.com/advisories/38523http://www.exploit-db.com/exploits/11422http://www.security-assessment.com/files/advisories/2010-02-11_ChemviewX_Activex.pdfhttp://www.securityfocus.com/bid/38225
2010-02-22
Published