COMMAX UMS Client ActiveX Control Heap-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A heap-based buffer overflow vulnerability has been identified in the COMMAX UMS Client ActiveX Control version 1.7.0.2. This vulnerability allows attackers to execute arbitrary code by sending excessively long string arrays through multiple functions, exploiting improper boundary validation in the CNC_Ctrl.dll file. The vulnerability could lead to heap corruption and potentially allow attackers to gain system-level access.
Impact
Exploitation of this vulnerability causes a heap-based buffer overflow, leading to heap corruption and allowing for arbitrary code execution on the affected system.
Reproduction
The vulnerability can be reproduced by using a VBScript that calls the 'rtsp_forceconnect_login' function of the COMMAX UMS Client ActiveX Control. This function can be accessed by creating an HTML file that includes the ActiveX control and the VBScript code. The script must send long strings to the function parameters, which will trigger the buffer overflow.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.