This script is Copyright (C) 2011 Tenable Network Security, Inc.
The remote Windows host has an ActiveX control that is affected by
The SigPlus Pro ActiveX control, used for electronic signature
integration with Topaz signature pads and installed on the remote
Windows host, is earlier than 4.29. Such versions reportedly are
affected by the following vulnerabilities :
- The 'SetLogFilePath()' method allows creation of a log
file in a specified location, potentially with content
controlled by an attacker through, for example, the
'SigMessage()' method. (CVE-2011-0323)
- Boundary errors when processing the 'KeyString'
property and when handling the 'SetLocalIniFilePath()'
and 'SetTablePortPath()' methods can be exploited to
cause a heap-based buffer overflow. (CVE-2011-0324)
See also :
Upgrade to SigPlus Pro ActiveX version 4.29 or later as that
reportedly addresses the issues.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true