Monday, April 7, 2008

Tumbleweed SecureTransport FileTransfer ActiveX BOF Exploit

Versions affected:
SecureTransport FileTransfer ActiveX Control vcst_eu.dll 1.0.0.5 English. Prior versions, and other language editions (vcst_*.dll), are assumed to be vulnerable.

Vulnerability discovered:
Buffer Overflow.

Vulnerability impact:
High - Remote code execution.

Vulnerability information:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Tumbleweed Communications SecureTransport FileTransfer ActiveX Control. User interaction is required to exploit it: the target must visit a malicious page. It may also be possible to embed the malicious content in email read with HTML-capable email clients.

Additionally, a Metasploit Framework Module has been written to demonstrate the vulnerability.

References:
aushack.com advisory
http://www.aushack.com/200708-tumbleweed.txt

Credit:
Patrick Webster ( patrick@aushack.com )

---------------------------------------------------

http://www.milw0rm.com/exploits/5398
