Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) 126.96.36.199817, and possibly 188.8.131.52209, allows remote attackers to execute arbitrary code via a long string in the first argument to SetBannerUrl. NOTE: portions of these details are obtained from third party information.
BankTown BtCxCtl20Com ActiveX Control SetBannerUrl() Function Overflow
Remote / Network Access, Loss of Integrity
A remote overflow exists in BankTown's BtCxCtl20Com ActiveX Control. BtCxCtl20Com fails to handle an overly long argument passed to the SetBannerUrl() function, resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can execute arbitrary code, resulting in a loss of confidentiality and/or integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, BankTown has released a patch to address this vulnerability.