Ultra Office ActiveX Control Multiple Vulnerabilities

Report ID: SA31632
Source: Secunia
Date of Discovery: 29.08.2008
Criticality: Urgent
Affects:
Ultra Office Control 2.x

Compromise From: From remote
Compromise Type: System access

Summary

Multiple vulnerabilities have been discovered in Ultra Office Control, which can be exploited by malicious people to compromise a user's system.

Detailed Description

Multiple vulnerabilities have been discovered in Ultra Office Control, which can be exploited by malicious people to compromise a user's system.


1) A boundary error exists in the Ultra.OfficeControl ActiveX control (OfficeCtrl.ocx) when handling parameters received by the "HttpUpload()" method. This can be exploited to cause a stack-based buffer overflow, e.g. by tricking a user into visiting a malicious website.

2) The "Save()" method provided by the Ultra.OfficeControl ActiveX control (OfficeCtrl.ocx) allows attackers to overwrite arbitrary files on a user's system, e.g. by tricking a user into visiting a malicious website.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in version 2.0.2008.501. Other versions may also be affected.

Solution

Set the kill-bit for the affected ActiveX control.
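
One way to apply this on a host, as an added example that is not part of the advisory: the kill-bit is the 0x400 bit of the "Compatibility Flags" DWORD under Internet Explorer's "ActiveX Compatibility" key for the control's CLSID. The advisory does not list the CLSID, so the script assumes "Ultra.OfficeControl" is the registered ProgID and resolves it locally (pass -Clsid otherwise); run it from an elevated prompt.

```powershell
# Added example: set the IE kill-bit for the control named in the advisory.
# Assumption: 'Ultra.OfficeControl' is the control's registered ProgID. If it
# is not registered under that name, pass the CLSID with -Clsid '{...}'.
param(
    [string]$ProgId = 'Ultra.OfficeControl',
    [string]$Clsid
)

$KillBit = 0x00000400   # flag bit that stops Internet Explorer instantiating the control

if (-not $Clsid) {
    # Resolve ProgID -> CLSID from the local class registrations.
    $key = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    if (-not (Test-Path $key)) {
        throw "ProgID '$ProgId' is not registered here; supply -Clsid."
    }
    $Clsid = (Get-Item $key).GetValue('')   # default value holds the CLSID
}
if ($Clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
    throw "Not a well-formed CLSID: $Clsid"
}

# Cover the native registry view and, on 64-bit Windows, the 32-bit view,
# since a 32-bit browser process reads the Wow6432Node copy.
$roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

foreach ($root in $roots) {
    $path = Join-Path $root $Clsid
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }

    # OR the kill-bit into any flags already present instead of overwriting them.
    $current = (Get-ItemProperty -Path $path -Name 'Compatibility Flags' `
                -ErrorAction SilentlyContinue).'Compatibility Flags'
    $new = ([int]$current) -bor $KillBit
    Set-ItemProperty -Path $path -Name 'Compatibility Flags' -Value $new -Type DWord

    # Read the value back and report whether the bit is actually set.
    $check = (Get-ItemProperty -Path $path -Name 'Compatibility Flags').'Compatibility Flags'
    '{0} -> 0x{1:X8} (kill-bit set: {2})' -f $path, $check, (($check -band $KillBit) -ne 0)
}
```

The kill-bit only prevents Internet Explorer from loading the control; OfficeCtrl.ocx stays installed, so other hosts that instantiate it directly are unaffected by this setting.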