Detections
Analytics
Gracenote CDDBControl ActiveX Control Option String Overflow
high Nessus Plugin ID 21772
Synopsis
The remote Windows host has an ActiveX control that is susceptible to a buffer overflow vulnerability.Description
The Windows remote host contains the Gracenote CDDBControl ActiveX control, which is used by various products, including AOL's software, to lookup CD information in the Gracenote CDDB and is commonly marked as safe for scripting.The version of this ActiveX control on the remote host reportedly contains a buffer overflow vulnerability that arises when a large string is supplied as an option for the control. A remote attacker may be able to leverage this issue to execute arbitrary code on the remote host subject to the privileges of the current user.
Solution
Contact the developer of the software you are using for a patch or new version; otherwise, use Gracenote's tool to set its kill bit to disable the control in Internet Explorer.See Also
https://www.zerodayinitiative.com/advisories/ZDI-06-019/
https://seclists.org/fulldisclosure/2006/Jun/883
http://www.nessus.org/u?67486937
https://secuniaresearch.flexerasoftware.com/secunia_research/2006-69/advisory/
Plugin Details
Severity: High
ID: 21772
File Name: cddbcontrol_activex_overflow.nasl
Version: 1.30
Type: local
Agent: windows
Family: Windows
Published: 6/28/2006
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
Required KB Items: SMB/Registry/Enumerated
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 6/27/2006
Reference Information
CVE: CVE-2006-3134, CVE-2006-6442
BID: 18678