Intrusion Prevention

DjVu.ImageURL.Property.ActiveX.Control.Access

Description

This indicates an attempt to exploit a buffer-overflow vulnerability in DjVu.
This vulnerability is due to a program error that leads to a buffer overflow in the "DjVu_ActiveX_MSOffice.dll" ActiveX control. The overflow occurs when processing an overly long argument passed to the "ImageURL" property. A remote attacker may exploit this to execute arbitrary code.

Affected Products

Any version of DjVu

Impact

System Compromise.

Recommended Actions

Currently we are not aware of any vendor-supplied patch for this issue.

CVE References

CVE-2008-4922