Check Point Advisories

Update protection against LEADTOOLS Raster Twain LtocxTwainu.dll Buffer Overflow

Check Point Reference: CPAI-2010-162
Date Published: 30 Nov 2010
Severity: High
Last Updated: Friday 01 January, 2010
Source: Secunia Advisory SA41177
Protection Provided by:
Who is Vulnerable? LEAD Technologies LEADTOOLS Raster Twain 16.5.0.2 and possibly prior
Vulnerability Description
A buffer overflow vulnerability exists in LEADTOOLS Raster Twain ActiveX control. LEADTOOLS Imaging SDK provides tools for adding advanced imaging features to various applications. The vulnerability is due to a boundary error while parsing the "AppName" parameter of the affected ActiveX control.  Remote attackers can exploit this vulnerability by convincing target users to visit a malicious web page. Successful exploitation of this vulnerability would resut in arbitrary code execution.
Update/Patch AvaliableThe vendor has not released an advisory to address this vulnerability. 
Vulnerability Details
The vulnerability is due to a boundary error when processing a property of a shared ActiveX component. Remote attackers could exploit the vulnerability via a specially crafted web page that passes crafted values to vulnerable properties of the ActiveX controls.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK