SigPlus Pro ActiveX Control 'LCDWriteString()' Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is installed with SigPlus Pro ActiveX Control and is prone to buffer overflow vulnerability.

Impact

Successful exploitation could allow remote attackers to execute arbitrary code on the system or cause the victim's browser to crash. Impact Level: Application/System

Solution

Upgrade to SigPlus Pro ActiveX control version 3.95 or later, For updates refer to http://www.topazsystems.com/software/download/sigplusactivex.htm

Insight

The flaw is due to a boundary error in SigPlus.ocx when handling the 'HexString' argument passed to the 'LCDWriteString()' method and can be exploited to cause a stack-based buffer overflow via an overly long string.

Affected

SigPlus Pro ActiveX control version 3.74

References

http://secunia.com/advisories/40818
http://www.exploit-db.com/exploits/14514
http://xforce.iss.net/xforce/xfdb/60839

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2931
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ACDSee FotoSlate PLP Multiple Buffer Overflow Vulnerabilities
Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Mac OS X)
Apple Safari 'CSS' Buffer Overflow Vulnerability (Win) - Dec09
Cogent DataHub Unicode Buffer Overflow Vulnerability
Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Windows)

Take action and discover your vulnerabilities