ICONICS Dialog Wrapper Module ActiveX (DlgWrapper.dll) DoModal Function Overflow

High Nessus Plugin ID 23967


The remote Windows host has an ActiveX control that is affected by a buffer vulnerability.


The remote host contains the DlgWrapper ActiveX control included with selected ICONICS applications.

The version of this ActiveX control on the remote host reportedly has an unspecified buffer overflow. If an attacker can trick a user on the affected host into visiting a specially-crafted web page, he may be able to leverage this issue to execute arbitrary code on the host subject to the user's privileges.


Contact the vendor for a patch.

Plugin Details

Severity: High

ID: 23967

File Name: scada_iconics_dlgwrapper_activex_overflow.nbin

Version: $Revision: 1.89 $

Type: local

Family: SCADA

Published: 2007/01/03

Modified: 2018/02/14

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2007/01/03

Reference Information

CVE: CVE-2006-6488

BID: 21849

OSVDB: 32552

CERT: 251969