CVE-2010-0679

Hyleos Chemview - Memory Corruption

Title source: rule

Description

Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers to execute arbitrary code via a large number of white space characters in the filename argument to the (1) SaveasMolFile and (2) ReadMolFile methods.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16500

View Code ZIP pw:eip

exploitdb WORKING POC

by Dz_attacker · rubyremotewindows

https://www.exploit-db.com/exploits/11422

View Code ZIP pw:eip

metasploit WORKING POC GOOD

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/hyleos_chemviewx_activex.rb

View Code ZIP pw:eip

References (7)

[Third Party Advisory, VDB Entry] http://osvdb.org/62276

[Exploit] http://packetstormsecurity.org/1002-advisories/chemviewx-overflow.txt

[Exploit] http://packetstormsecurity.org/1002-exploits/hyleoschemview-heap.rb.txt

[Vendor Advisory] http://secunia.com/advisories/38523

[Exploit] http://www.exploit-db.com/exploits/11422

[Various Sources] http://www.security-assessment.com/files/advisories/2010-02-11_ChemviewX_Activex.pdf

[Exploit] http://www.securityfocus.com/bid/38225

Scores

EPSS 0.7470

EPSS Percentile 98.9%

Details

CWE

CWE-119

Status published

Products (1)

hyleos/chemview 1.9.5.1

Published Feb 22, 2010

Tracked Since Feb 18, 2026