Description: Will Dormann has discovered some vulnerabilities in Logitech VideoCall, which can be exploited by malicious people to compromise a user's system.
1) A boundary error in the WebCamXMP ActiveX control (wcamxmp.dll) when handling the "Start()" method can be exploited to cause a stack-based buffer overflow via an overly long string.
2) A boundary error in the ComLink ActiveX control (uicomlink.dll) when handling the "SetTarget()" method can be exploited to cause a heap-based buffer overflow via an overly long string.
3) Multiple boundary errors in the CallManager ActiveX control (StarClient.dll) when handling the "ApplySettings()", "SetupContactMembershipList()", "SetAdviceAnswered()", "SetAdviseRinging()", "SetAdviseHangup()", "SetAdviseRingBack()", "SetAdvisePresent()", "StartCall()", "SetAdviseConnected()", "SetAdviseDisconnected()", "SetAdviseDataChange()", "SetAdvisePlaceCall()", "SetCurrentGroup()", "SetPicShareAdvise()", and "EnableTimer()" methods can be exploited to cause heap-based and stack-based buffer overflows via overly long strings.
4) Multiple boundary errors in the ViewerClient ActiveX control (StarClient.dll) when handling the "SendCommand()", "SendVideo()", "SendTo()", "RecvVideo()", "RemoveImage()", and "SendMessage()" methods can be exploited to cause stack-based buffer overflows via overly long strings.
5) Multiple boundary errors in the VibeControl ActiveX control (vibecontrol.dll) when handling the "VSelectAudioInputSource()", "VSelectAudioOutputSource()", "VSelectVideoSource()", "VInitCall()", "VAddContact()", "VDeleteContact()", "VIsContactMember()", "VIsContactOnline()", "VGetPiconURL()", "VGetContactUserName()", "VVideoMailWizard()", "VSharePicture()", "VVibeDoctor()", "VDropPictures()", "VImportContacts()", "VSetCurrentPictureFolder()", "VSendMessage()", "VImportPictures()", and "VApplySettings()" methods can be exploited to cause stack-based buffer overflows via overly long strings.
Successful exploitation of the vulnerabilities allows execution of arbitrary code.
The vulnerabilities are confirmed in version 2.0.3470.448. Other versions may also be affected.
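An inventory check for the controls listed above, added here as an example and not part of the original advisory: it finds every COM class registered against the four DLLs named in items 1-5 and reports whether Internet Explorer's kill bit is set for it. The advisory lists no CLSIDs and names no mitigation, so the script discovers the CLSIDs from the local registry, and the choice of the kill bit as the control to check is an assumption.

```powershell
# Added example (not from the advisory). DLL names come from the advisory text;
# CLSIDs are discovered locally because the advisory does not list them.
$dlls    = 'wcamxmp.dll', 'uicomlink.dll', 'StarClient.dll', 'vibecontrol.dll'
$killBit = 0x400   # "Compatibility Flags" bit that stops IE from instantiating a control

# Registry views to inspect: native, plus the 32-bit view on 64-bit Windows.
$views = @(
    @{ Clsid  = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Clsid  = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

$results = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Clsid)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $view.Clsid -ErrorAction SilentlyContinue) {
        $sub = $key.OpenSubKey('InprocServer32')
        if (-not $sub) { continue }
        $server = [string]$sub.GetValue('')          # default value = path of the DLL
        $sub.Close()
        if (-not $server) { continue }
        $leaf = Split-Path -Path $server.Trim('"') -Leaf
        if ($dlls -notcontains $leaf) { continue }   # case-insensitive match

        # Look up the kill bit for this CLSID in the matching registry view.
        $compatKey = Join-Path $view.Compat $key.PSChildName
        $flags = 0
        if (Test-Path -LiteralPath $compatKey) {
            $flags = [int](Get-Item -LiteralPath $compatKey).GetValue('Compatibility Flags', 0)
        }
        [pscustomobject]@{
            CLSID      = $key.PSChildName
            Dll        = $server
            KillBitSet = [bool]($flags -band $killBit)
        }
    }
}
$results | Sort-Object Dll, CLSID | Format-Table -AutoSize
```

An empty result means none of the named DLLs is registered as an in-process COM server on the host; rows with `KillBitSet` false are controls Internet Explorer can still load.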