Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control

Rocco Calvi

CVE
CVE-2010-5193
Affected Vendor
Viscom Software
Affected Product
Image Viewer CP Pro 8.0
Exploit Type
Metasploit Module
Metasploit Module
exploit/windows/browser/imgeviewer_tifmergemultifiles

Description

A stack-based buffer overflow in the ImageViewer2.OCX ActiveX control exploited via an overly long argument to the TifMergeMultiFiles() method, enabling code execution with user privileges. The module bypasses DEP and ASLR protections on Windows XP IE8, Vista, and Windows 7.

References