SigPlus Pro ActiveX Control < 4.29 Multiple Vulnerabilities

This script is Copyright (C) 2011 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is affected by
multiple vulnerabilities.

Description :

The version of the SigPlus Pro ActiveX control installed on the remote
Windows host is earlier than 4.29. The control is used for electronic
signature integration with Topaz signature pads. Such versions are
reportedly affected by the following vulnerabilities :

- The 'SetLogFilePath()' method allows creation of a log
  file in a specified location, potentially with content
  controlled by an attacker through, for example, the
  'SigMessage()' method. (CVE-2011-0323)

- Boundary errors when processing the 'KeyString'
  property and when handling the 'SetLocalIniFilePath()'
  and 'SetTablePortPath()' methods can be exploited to
  cause a heap-based buffer overflow. (CVE-2011-0324)

See also :

http://secunia.com/secunia_research/2011-1/
http://secunia.com/secunia_research/2011-2/

Solution :

Upgrade to SigPlus Pro ActiveX version 4.29 or later as that
reportedly addresses the issues.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 51895

Bugtraq ID: 46128

CVE ID: CVE-2011-0323
CVE-2011-0324
