ICONICS Dialog Wrapper Module ActiveX (DlgWrapper.dll) DoModal Function Overflow

high Nessus Plugin ID 23967

Language:

Synopsis

The remote Windows host has an ActiveX control that is affected by a buffer vulnerability.

Description

The remote host contains the DlgWrapper ActiveX control included with selected ICONICS applications.

The version of this ActiveX control on the remote host reportedly has an unspecified buffer overflow. If an attacker can trick a user on the affected host into visiting a specially-crafted web page, he may be able to leverage this issue to execute arbitrary code on the host subject to the user's privileges.

Solution

Contact the vendor for a patch.

Plugin Details

Severity: High

ID: 23967

File Name: scada_iconics_dlgwrapper_activex_overflow.nbin

Version: 1.230

Type: local

Family: SCADA

Published: 1/3/2007

Updated: 4/23/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1/3/2007

Reference Information

CVE: CVE-2006-6488

BID: 21849

CERT: 251969

Detections

Analytics