Creative Software AutoUpdate ActiveX Exploit

This module exploits a vulnerability in the CTSUEng.ocx control included in the Creative Software AutoUpdate application. The exploit is triggered when the CacheFolder property processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2008-0955
Product Version: 
7.5
Released Date: 
Tuesday, June 10, 2008 - 00:00