CVE-2007-2938 Information

Description

Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6 when Internet Explorer 6 is used allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method and possibly the (2) SetLoginID (3) AddSite (4) SetScreen and (5) SetVideoServer methods.

Reference

http://osvdb.org/36700 http://secunia.com/advisories/25430 http://www.securityfocus.com/bid/24172 http://www.vupen.com/english/advisories/2007/1958 https://exchange.xforce.ibmcloud.com/vulnerabilities/34548 https://www.exploit-db.com/exploits/3993