ASUS Net4Switch ipswcom.dll ActiveX Control Buffer Overflow

Added: 03/19/2012
BID: 52110
OSVDB: 79438

Background

Asus manufactures computers, peripherals, computer components and network switches.

Problem

The Asus Net4Switch ipswcom.dll ActiveX component is vulnerable to buffer overflow as a result of failure to perform adequate boundary checks on user-supplied input.

Resolution

Contact the vendor.

References

http://dsecrg.com/pages/vul/show.php?id=417

Limitations

The exploit page must be opened using Internet Explorer 7 on the target.

This exploit has been tested on ASUS Net4Switch 1.0.0020 on Windows XP SP3 English (DEP OptIn) and Windows Vista SP2 (DEP OptIn).

Platforms

Windows

Back to exploit index