LEADTOOLS ActiveX Common Dialogs 16.5 Multiple Remote Vulnerabilities

Vendor: LEAD Technologies, Inc.
Product Web Page: http://www.leadtools.com
Affected version: 16.5.0.2

Summary: With LEADTOOLS you can control any scanner, digital camera
or capture card that has a TWAIN (32 and 64 bit) device driver.
High-level acquisition support is included for ease of use while
low-level functionality is provided for flexibility and control in
even the most demanding scanning applications.

Desc: LEADTOOLS ActiveX Common Dialogs suffers from multiple remote
vulnerabilities (IoF, BoF, DoS) as it fails to sanitize the input in
different objects included in the Common Dialogs class.

Vulnerable Objects/OCX Dialogs (Win32):

1. ActiveX Common Dialogs (Web) ——————–> LtocxWebDlgu.dll
2. ActiveX Common Dialogs (Effects) —————-> LtocxEfxDlgu.dll
3. ActiveX Common Dialogs (Image) ——————> LtocxImgDlgu.dll
4. ActiveX Common Dialogs (Image Effects) ———-> LtocxImgEfxDlgu.dll
5. ActiveX Common Dialogs (Image Document)———-> LtocxImgDocDlgu.dll
6. ActiveX Common Dialogs (Color) ——————> LtocxClrDlgu.dll
7. ActiveX Common Dialogs (File) ——————-> LtocxFileDlgu.dll

Advisory: http://www.zeroscience.mk/mk/vulnerabilities/ZSL-2010-4961.php

Comment are closed.