IBM AFP Viewer Plug-in SRC Property Buffer Overflow
High Nessus Plugin ID 33268
Synopsis
The remote Windows host has a browser plugin that is affected by a buffer overflow vulnerability.
Description
The remote Windows host contains IBM's AFP Viewer plug-in, which allows AFP (Advanced Function Presentation) documents to be viewed from a web browser.
The version of the plug-in installed on the remote host reportedly contains a heap-based buffer overflow that can be triggered when processing a 'SRC' property with a string longer than 1023 characters.
If an attacker can trick a user on the affected host into visiting a specially crafted web page, this issue could be leveraged to execute arbitrary code on the affected system subject to the user's privileges.
Solution
Upgrade to AFP Viewer plug-in version 22.214.171.124 or later.