Summary
The host is installed with SigPlus Pro ActiveX Control and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to create or overwrite arbitrary local files and to execute arbitrary code.
Impact Level: Application
Solution
Upgrade to the Topaz Systems SigPlus Pro ActiveX Control Version 4.29 or later.
For updates refer to http://www.topazsystems.com/Software/download/sigplusactivex.htm
Insight
The flaws are due to
- A boundary error when processing the 'KeyString' property which can be exploited to cause a heap-based buffer overflow via an overly long string.
- A boundary error when processing the 'SetLocalIniFilePath()' method, and 'SetTabletPortPath()' method can be exploited to cause a heap-based buffer overflow via an overly long string passed in the 'NewPath' and 'NewPortPath' parameter respectively.
- An unsafe 'SetLogFilePath()' method creating a log file in a specified location which can be exploited in combination with the 'SigMessage()' method to create an arbitrary file with controlled content.
Affected
Topaz Systems SigPlus Pro ActiveX Control Version 3.95
References
Severity
Classification
-
CVE CVE-2011-0323, CVE-2011-0324 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
- Adobe Air Multiple Vulnerabilities -01 May 13 (Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Mac OS X)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Windows)
- Adobe Acrobat Sandbox Bypass Vulnerability - Aug14 (Windows)