CVE-2010-4597

Ecava IntegraXor < 3.5.3900.5 - Stack-Based Buffer Overflow via IntegraXor.Project ActiveX Control

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4597. PoCs published by Jeremy Brown.

AI-analyzed exploit summary This exploit demonstrates a stack-based buffer overflow in Ecava IntegraXor's ActiveX control via the 'save' method, allowing arbitrary code execution by sending a maliciously crafted HTML page. The PoC triggers the vulnerability by passing an overly large string to the 'save' method, overwriting the return address.

Description

Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX control in igcomm.dll in Ecava IntegraXor Human-Machine Interface (HMI) before 3.5.3900.10 allows remote attackers to execute arbitrary code via a long string in the second argument.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jeremy Brown · pythondoswindows

https://www.exploit-db.com/exploits/15767

View Code ZIP pw:eip

This exploit demonstrates a stack-based buffer overflow in Ecava IntegraXor's ActiveX control via the 'save' method, allowing arbitrary code execution by sending a maliciously crafted HTML page. The PoC triggers the vulnerability by passing an overly large string to the 'save' method, overwriting the return address.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Ecava IntegraXor 3.5.3900.5

No auth needed

Prerequisites: Target must have Ecava IntegraXor 3.5.3900.5 installed · Target must access the malicious HTML page

MITRE ATT&CK