SigPlus Pro ActiveX Control LCDWriteString() Method HexString Parameter Overflow
High Nessus Plugin ID 51894
SynopsisThe remote Windows host has an ActiveX control that is vulnerable to a buffer overflow attack.
DescriptionThe SigPlus Pro ActiveX control, used for electronic signature integration with Topaz signature pads and installed on the remote Windows host, is earlier than 3.95. A stack-based buffer overflow in such versions reportedly allows execution of arbitrary code via an overly long value for the 'HexString' argument to the 'LCDWriteString' method.
SolutionUpgrade to SigPlus Pro ActiveX version 3.95 or later as that is reported to address this issue.