ICONICS Dialog Wrapper Module ActiveX Control Remote Stack Buffer Overflow Vulnerability
BID:21849
Info
| Bugtraq ID: | 21849 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2006-6488 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 02 2007 12:00AM |
| Updated: | Mar 19 2015 09:49AM |
| Credit: | Will Dormann |
| Vulnerable: | ICONICS, Inc. ICONICS Vessel/Gauge/Switch ActiveX Control 8.02.140.0; ICONICS, Inc. DlgWrapper.dll 8.0.138.0; ICONICS, Inc. Dialog Wrapper Module ActiveX Control 0 |
| Not Vulnerable: | ICONICS, Inc. DlgWrapper.dll 8.4.166.0 |
Discussion
The ICONICS Dialog Wrapper Module ActiveX control is prone to a remote buffer-overflow vulnerability.
An attacker can exploit this issue to execute arbitrary code with the privileges of the victim user. Failed attempts can crash the host application.
Versions prior to DlgWrapper.dll 8.4.166.0 are affected.
Exploit / POC
To exploit this issue, an attacker must entice a victim user to visit a malicious link.
UPDATE (October 22, 2008): There are limited reports of this issue being actively exploited in the wild.
The following exploit code is available:
Solution / Fix
Solution:
The vendor has released a fix. Please see the references for more information.
Iconics Dialog Wrapper Module ActiveX Control 0
- ICONICS, Inc. FreeToolsActiveX_DlgWrapperHotFix.zip
  http://www.iconics.com/support/free_tools/FreeToolsActiveX_DlgWrapperHotFix.zip
References
References:
- Malware targeting industrial control software(?) (dean de beer)
- Vendor Homepage (ICONICS, Inc.)