ICONICS Dialog Wrapper Module ActiveX (DlgWrapper.dll) DoModal Function Overflow

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is affected by a
buffer overflow vulnerability.

Description :

The remote host contains the DlgWrapper ActiveX control included with
selected ICONICS applications.

The version of this ActiveX control on the remote host reportedly has
an unspecified buffer overflow. If an attacker can trick a user on the
affected host into visiting a specially crafted web page, the attacker
may be able to leverage this issue to execute arbitrary code on the
host, subject to the user's privileges.

Solution :

Contact the vendor for a patch.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 23967

Bugtraq ID: 21849

CVE ID: CVE-2006-6488
