>> BackWeb Lite Install Runner ActiveX Buffer Overflow Vulnerabilities
Title : BackWeb Lite Install Runner ActiveX Buffer Overflow Vulnerabilities VUPEN ID : VUPEN/ADV-2008-1791 CVE ID : CVE-2008-0956 CWE ID : CWE-119 - CWE-618
Rated as : Critical
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2008-06-11
Technical Description
Multiple vulnerabilities have been identified in BackWeb, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. These issues are caused by buffer overflow errors in the Lite Install Runner ActiveX control (LiteInstActivator.dll) when processing overly long or malformed data, which could be exploited by remote attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a specially crafted web page.
