EMC Captiva QuickScan Pro KeyHelp ActiveX Control JumpURL buffer overflow

Added: 10/02/2009
BID: 36546
OSVDB: 58423

Background

EMC Captiva QuickScan Pro is a document capture solution. It includes KeyHelp, a free ActiveX control used for enhancing HTML help systems.

Problem

A buffer overflow vulnerability in the KeyHelp ActiveX Control allows command execution when a user loads a web page which calls the JumpURL method with specially crafted arguments.

Resolution

Set the kill bit for Class ID {B7ECFD41-BE62-11D2-B9A8-00104B138C8C} as described in Microsoft Knowledge Base Article 240797.

References

http://secunia.com/advisories/36914/
http://secunia.com/advisories/36905/

Limitations

Exploit works on EMC Captiva QuickScan Pro 4.6 SP1 and requires a user to open the exploit page in Internet Explorer 6 or 7.

Platforms

Windows

Back to exploit index