CVE-2008-3430

CoVideoWindow.ocx 5.0.907.1 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3430. PoCs published by Edi Strosar.

AI-analyzed exploit summary: This exploit demonstrates a stack-based buffer overflow in the 'CoVideoWindow.ocx' ActiveX control of Eyeball MessengerSDK. It uses a long string of 'A' characters to overflow the BgColor property, potentially leading to arbitrary code execution in the context of the application using the control.

Description

Buffer overflow in the CoVideoWindow.ocx ActiveX control 5.0.907.1 in Eyeball MessengerSDK, as used in products such as SiOL Komunikator 1.3, allows remote attackers to execute arbitrary code via a large argument supplied to the BGColor method. NOTE: this might only be a vulnerability in certain insecure configurations of Internet Explorer.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Edi Strosar · text · remote · windows
https://www.exploit-db.com/exploits/32124

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Eyeball MessengerSDK CoVideoWindow.ocx 5.0.907.1
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer with the vulnerable ActiveX control installed
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44111
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30424

Scores

EPSS 0.0555
EPSS Percentile 91.9%

Details

CWE: CWE-119
Status: published
Products (1): eyeball_networks/eyeball_messenger_sdk 5.0.907.1
Published: Jul 31, 2008
Tracked Since: Feb 18, 2026