BaoFeng.Storm.ActiveX.SetAttributeValue.Buffer.Overflow
Description
BaoFeng Storm ActiveX control is prone to a buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input.
Unspecified vulnerability in Config.dll in Baofeng products allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009. (CVE-2009-1807)
Affected Products
Baofeng products 3.09.04.17 and earlier
Impact
An attacker can execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.
Recommended Actions
Vendor has released update: http://www.baofeng.com/
Workaround:
1. Setting a kill bit for the Baofeng Config.dll (classid: BD103B2B-30FB-4F1E-8C17-D8F6AADBCC05) can prevent exploitation through Internet Explorer. Refer to Microsoft article KB240797 for information on setting the kill bit.
2. To prevent exploitation of ActiveX vulnerabilities, ActiveX controls should be disabled in any zone used by attackers.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |