Stack-based buffer overflow in ActiveX control used by ICONICS
CVE-2006-6488

Currently unrated

Key Information:

Vendor

Iconics

Status
Dialog Wrapper Module Activex Control
Vendor
CVE Published:
31 December 2006

What is CVE-2006-6488?

A stack-based buffer overflow vulnerability exists in the DoModal function of the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) prior to version 8.4.166.0. This flaw is exploited by sending a specially crafted value to either the FileName or Filter argument, potentially allowing attackers to execute arbitrary code remotely. Users of ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX components are urged to update to the latest versions to mitigate risks associated with this vulnerability.

References

http://www.securityfocus.com/bid/21849
vdb-entryx_refsource_BID
http://www.kb.cert.org/vuls/id/251969
third-party-advisoryx_refsource_CERT-VN
http://osvdb.org/32552
vdb-entryx_refsource_OSVDB

EPSS Score

18% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.