Test ID:	1.3.6.1.4.1.25623.1.0.900749
Category:	Buffer overflow
Title:	Hyleos ChemView ActiveX Control Multiple Buffer Overflow Vulnerabilities
Summary:	Hyleos ChemView ActiveX Control is prone to multiple Buffer Overflow vulnerabilities.
Description:	Summary: Hyleos ChemView ActiveX Control is prone to multiple Buffer Overflow vulnerabilities. Vulnerability Insight: The flaws are due to two boundary errors in the 'HyleosChemView.ocx' which can be exploited to cause stack-based buffer overflows by passing strings containing an overly large number of white-space characters to the 'SaveasMolFile()' and 'ReadMolFile()' methods. Vulnerability Impact: Successful exploitation could allow an attacker to execute arbitrary code within the context of the affected application. Affected Software/OS: Hyleos ChemView ActiveX Control version 1.9.5.1 and prior. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0679 BugTraq ID: 38225 http://www.securityfocus.com/bid/38225 http://www.exploit-db.com/exploits/11422 http://packetstormsecurity.org/1002-advisories/chemviewx-overflow.txt http://packetstormsecurity.org/1002-exploits/hyleoschemview-heap.rb.txt http://www.security-assessment.com/files/advisories/2010-02-11_ChemviewX_Activex.pdf http://osvdb.org/62276 http://secunia.com/advisories/38523
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.