LPViewer ActiveX Control Multiple Buffer Overflow Vulnerabilities
High Nessus Plugin ID 34472
SynopsisThe remote Windows host has an ActiveX control that is affected by multiple remote buffer overflows.
DescriptionThe remote host contains the LPViewer ActiveX control, initially created by MGI Software but later taken over by Roxio and then again by iseemedia.
This control reportedly has stack-based buffer overflows in its 'url()', 'toolbar()', and 'enableZoomPastMax()' methods. If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, he can leverage these issues to execute arbitrary code on the affected system subject to the user's privileges.
SolutionUnknown at this time.