
JVN#62078684: ELPhoneBtnV6 ActiveX control vulnerable to buffer overflow

2015-09-07 00:00:00
Japan Vulnerability Notes (jvn.jp)

CVSS2: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

EPSS: 0.042 (Percentile: 92.3%)

The ELPhoneBtnV6 ActiveX control was used for the “Click to Live” service provided by FreeBit Co., Ltd. Although the “Click to Live” service has been discontinued, PCs that used the service may still have the ActiveX control installed.

The ELPhoneBtnV6 ActiveX control, which is provided by the file c2lv6.ocx, contains a buffer overflow vulnerability in the ExecCall() method.

Impact

By convincing a user to view a specially crafted HTML document (e.g., a web page, an HTML email message, or an HTML email attachment), an attacker may be able to execute arbitrary code with the privileges of the user.

Solution

Delete the ELPhoneBtnV6
The “Click to Live” service has been discontinued. It is recommended to delete the ELPhoneBtnV6 ActiveX control.
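
To find out whether a PC still has the control installed before deleting it, the following PowerShell inventory check can be used. It is an added example, not code from JVN or FreeBit. The advisory gives no CLSID, so the script searches by the file name c2lv6.ocx and assumes the control is registered as an in-process COM server under the standard CLSID registry hives.

```powershell
# Added example (not from the advisory): find COM registrations that load c2lv6.ocx.
# Assumption: the control is registered as an in-process server under the usual CLSID hives.
$target = 'c2lv6.ocx'   # file name given in the advisory
$roots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',              # machine-wide, native view
    'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID',  # 32-bit controls on 64-bit Windows
    'HKCU:\SOFTWARE\Classes\CLSID'               # per-user registrations
)

$hits = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($clsid in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        try   { $sub = $clsid.OpenSubKey('InprocServer32') }
        catch { continue }                       # key not readable by this account
        if ($null -eq $sub) { continue }
        $server = [string]$sub.GetValue('')      # default value = path of the DLL/OCX
        $sub.Close()
        if ($server -notlike "*$target*") { continue }
        $file = $server.Trim('"')
        [pscustomobject]@{
            Clsid       = $clsid.PSChildName
            RegistryKey = $clsid.Name
            ServerPath  = $file
            FileExists  = Test-Path -LiteralPath $file
        }
    }
}

if ($hits) {
    $hits | Format-List
    Write-Warning "ELPhoneBtnV6 ($target) is still registered on $env:COMPUTERNAME."
} else {
    Write-Output "No InprocServer32 registration referencing $target was found."
}
```

For each hit, running `regsvr32 /u` on the reported ServerPath and then deleting the file carries out the removal recommended above.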

Products Affected

  • ELPhoneBtnV6 ActiveX control
