18391 : nProtect Multiple Products Npos ActiveX Input Validation Failure
Printer | http://osvdb.org/18391 | Email This | Edit Vulnerability

Views This Week

Views All Time

Info

Last Modified

3 months ago

Percent Complete

100%

Disclosure

Jul 29, 2005

Discovery

Jul 01, 2005

Dates

Exploit

Unknown

Solution

Unknown

Description

nProtect Netizen and nProtect Personal contains a flaw that may allow a remote attacker to execute arbitrary code. The problem is that the 'Npos' ActiveX control does not verify the URL of the update site and the origin of the update configuration file. By creating a malicious web site containing a specially crafted update configuration file and tricking a victim to visit that site, it is possible for a remote attacker to download and execute arbitrary files resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, INCA has released a patch to address this vulnerability.

Products

INCA Internet Co., Ltd.	nProtect Netizen	Unknown or Unspecified
INCA Internet Co., Ltd.	nProtect Personal	Unknown or Unspecified

References

ISS X-Force ID: 21671
Secunia Advisory ID: 16258
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0652.html
Vendor URL: http://eng.nprotect.co.kr/

Credit

Park Gyutae - saintlinuyahoo.co.kr -

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

INCA Internet Co., Ltd.

nProtect Netizen

nProtect Personal

References

Credit

Blogs

Comments