Published: 04/11/2008 Updated: 29/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 940

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office (DjVu_ActiveX_MSOffice.dll) allows remote malicious users to execute arbitrary code via a long (1) ImageURL property, and possibly the (2) Mode, (3) Page, or (4) Zoom properties.

Vulnerable Product	Search on Vulmon	Subscribe to Product
djvu activex_control_for_microsoft_office_2000

<!-- DjVu ActiveX Control ImageURL Property Overflow From DjVuorg : "DjVu (pronounced "dï¿½jï¿½ vu") is a digital document format with advanced compression technology and high performance value DjVu allows for the distribution on the Internet and on DVD of very high resolution images of scanned documents, digital documents, and photogr ...

## # $Id: djvu_imageurlrb 10477 2010-09-25 11:59:02Z mc $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class Meta ...

CWE-119 http://www.securityfocus.com/bid/31987 http://securityreason.com/securityalert/4560 http://www.vupen.com/english/advisories/2008/2956 https://exchange.xforce.ibmcloud.com/vulnerabilities/46214 https://www.exploit-db.com/exploits/6878 https://nvd.nist.gov https://www.exploit-db.com/exploits/6878/

CVE-2008-4922

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect