Vulnerabilities > CVE-2007-2918 - ActiveX Controls Multiple Buffer Overflow vulnerability in Logitech VideoCall
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Logitech VideoCall ActiveX Control Buffer Overflow. CVE-2007-2918. Remote exploit for windows platform |
| id | EDB-ID:16511 |
| last seen | 2016-02-02 |
| modified | 2010-05-09 |
| published | 2010-05-09 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/16511/ |
| title | Logitech VideoCall ActiveX Control Buffer Overflow |
Metasploit
| description | This module exploits a stack buffer overflow in the Logitech VideoCall ActiveX Control (wcamxmp.dll 2.0.3470.448). By sending an overly long string to the "Start()" method, an attacker may be able to execute arbitrary code. |
| id | MSF:EXPLOIT/WINDOWS/BROWSER/LOGITECHVIDEOCALL_START |
| last seen | 2020-02-29 |
| modified | 2017-09-09 |
| published | 2007-07-01 |
| references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2918 |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/logitechvideocall_start.rb |
| title | Logitech VideoCall ActiveX Control Buffer Overflow |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/82977/logitechvideocall_start.rb.txt |
| id | PACKETSTORM:82977 |
| last seen | 2016-12-05 |
| published | 2009-11-26 |
| reporter | MC |
| source | https://packetstormsecurity.com/files/82977/Logitech-VideoCall-ActiveX-Control-Buffer-Overflow.html |
| title | Logitech VideoCall ActiveX Control Buffer Overflow |
References
- http://osvdb.org/36820
- http://osvdb.org/36821
- http://osvdb.org/36822
- http://osvdb.org/36823
- http://osvdb.org/36824
- http://secunia.com/advisories/25514
- http://www.kb.cert.org/vuls/id/330289
- http://www.securityfocus.com/bid/24254
- http://www.vupen.com/english/advisories/2007/2018
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34658