Autodesk IDrop ActiveX Control Heap Corruption Vulnerability

2009-04-02 / 2009-04-03
Credit: Elazar Broad
Risk: High
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Who: Autodesk http://www.autodesk.com What: Autodesk IDrop ActiveX Control http://usa.autodesk.com/adsk/servlet/index?siteID=123112&id=2753219& linkID=9240618 IDrop.ocx version 17.1.51.160 {21E0CB95-1198-4945-A3D2-4BF804295F78} How: The Src, Background, PackageXml properties can be manipulated to trigger a heap use after free condition resulting in arbitrary remote code execution. Other properties may be vulnerable as well. Fix: Remove or set the killbit for the affected control, see http://support.microsoft.com/kb/240797. Currently, there will be NO official patch for this issue. Autodesk's statement is as follows: "Thank you for taking the time and effort to identify a potential issue with our technology. We do take each and every customer or developer issue seriously and have spent time in reviewing your analysis of our i-drop technology. At this time, we have ceased investment in i-drop technology. It was released over five years ago as a means for developers to leverage their content delivery; w. made no new investment in this tool and have no current plans to update it in the near future. W. recorded your issue in our tracking database and will determine its priority if/when we determine new investment is required for this technology. Thank You Autodesk" Timeline: 06/17/2008 - Vendor notified 03/31/2009 - Vendor final response 04/02/2009 - this advisory Credit: Elazar Broad -----BEGIN PGP SIGNATURE----- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified at https://www.hushtools.com/verify wpwEAQECAAYFAknVCzkACgkQi04xwClgpZjlOAP/XPrEIbz0bxFCYPQRo+NoK+3DlfIP /PmdSufN+ySHp1XrFmYwRbYaer09DHMqzos39h5g824qOiWAlSLWsWa8CXGz0MMoDnnl f0mly7WKylghfbu7OeK2/K3FI867671NvVWtDVaGOWlGQtZyfbC93FH5lA8CxztHcTBW 9YlNtYQ= =ocum -----END PGP SIGNATURE-----

References:

http://seclists.org/fulldisclosure/2009/Apr/0019.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top