HP Photo Creations audio.Record ActiveX Stack Buffer Overflow

Added: 01/10/2011
BID: 45631

Background

HP Photo Creations is free software that lets the user create photo books, calendars, collages, greeting cards and other keepsakes that can be printed or shipped to the user. HP Photo Creations installs and registers the audio.Record ActiveX control which contains various audio processing functions, e.g., recording, resampling, and importing.

Problem

HP Photo Creations audio.Record ActiveX control is vulnerable to buffer overflow due to a boundary error in ContentMan.dll while parsing arguments passed to the Resample function.

Resolution

Update to HP Photo Creations build 5162, which includes ContentMan.dll version 1.0.0.5162.

References

http://secunia.com/advisories/42770/

Limitations

Exploit works on HP Photo Creative 2.0 and the user must load the exploit page in Internet Explorer 7.

Platforms

Windows

Back to exploit index