Signature Detail

HTTP: StreamAudio ProxyManager InternalTuneIn Unsafe ActiveX Control Buffer Overflow

This signature detects attempts to use unsafe ActiveX controls against StreamAudio ProxyManager. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

The StreamAudio ProxyManager ActiveX control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. A successful exploit will allow an attacker to execute arbitrary code in the context of the application using the affected ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

Affected Products

• StreamAudio ccpm_0237.dll

References

• BugTraq: 27247
• CVE: CVE-2008-0248