Stack-based buffer overflow in the Symantec.FaxViewerControl.1 ActiveX control in WinFax\DCCFAXVW.DLL in Symantec WinFax Pro 10.03 allows remote attackers to execute arbitrary code via a long argument to the AppendFax method.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
| Link | Tags |
|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-008 | vendor advisory |
| http://www.securityfocus.com/bid/34766 | vdb entry exploit |
| http://www.vupen.com/english/advisories/2009/1221 | vdb entry vendor advisory |
| http://secunia.com/advisories/34925 | third party advisory vendor advisory |
| http://retrogod.altervista.org/9sg_symantec_win_fuck_pro.html | |
| http://www.securitytracker.com/id?1022147 | vdb entry exploit |
| http://www.securityfocus.com/archive/1/503086/100/0/threaded | mailing list |
| http://osvdb.org/54137 | vdb entry |
| http://www.securityfocus.com/archive/1/503074/100/0/threaded | mailing list |
| http://www.securityfocus.com/archive/1/503163/100/0/threaded | mailing list |