E-Book Systems FlipViewer versions 4.0 and prior contain multiple vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system.
These vulnerabilities exist because the FViewerLoading ActiveX control, referenced by the FlipViewerX.dll file of the affected software, does not perform sufficient boundary checks on user-supplied input. An unauthenticated, remote attacker could exploit these vulnerabilities by convincing a targeted user to view a malicious web page crafted with an overly large value to any of the following properties: UID, Opf, PAGENO, LaunchMode, SubID, BookID, LibraryID, SubURL, and LoadOpf. When the affected software processes the malicious input, a buffer overflow could occur, corrupting memory on the targeted system. An attacker could take advantage of the buffer overflow to execute arbitrary code on the system with the privileges of the user.
Reports suggest that an attacker could also exploit these vulnerabilities to cause the other browsers that reference the affected ActiveX control to terminate unexpectedly, leading to a denial of service (DoS) condition.
E-Book Systems has not confirmed the vulnerabilities; however, reports suggest that the vulnerabilities have been fixed in FlipViewer version 4.1 and later.