Iconics, Inc. Information for VU#251969

ICONICS Dialog Wrapper Module ActiveX control vulnerable to buffer overflow

Status

Affected

Vendor Statement

ICONICS is dedicated to continuous improvement of product quality and reliability.

Background
The ICONICS Dialog Wrapper Module ActiveX control is included with ICONICS OPC-enabled visualization tools, such as the Gauge, Switch, and Vessel ActiveX controls. Under very specific conditions, this control allows a stack-based buffer overflow to occur.

Resolution
Immediately after being alerted to this vulnerability, ICONICS issued a hot fix to address this issue. It can be downloaded via the link below. It is recommended that all users apply the hot fix provided or disable the ICONICS Dialog Wrapper Module ActiveX control in Internet Explorer.

This hot fix (for all versions and applications) can be downloaded here:
http://www.iconics.com/support/free_tools/FreeToolsActiveX_DlgWrapperHotFix.zip.

The ICONICS Dialog Wrapper Module ActiveX control can be disabled in Internet Explorer by setting the kill bit for the following CLSID:
{9D6BD878-B8EB-47E5-AB1C-87D74173BAAA}
More information about how to set the kill bit is available in Microsoft Support Document 240797.

If you have any questions related to this notification please contact the Global Support & Services team at support@iconics.com.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

None

Addendum

Refer to the release notes included in http://www.iconics.com/support/free_tools/FreeToolsActiveX_DlgWrapperHotFix.zip.

If you have feedback, comments, or additional information about this vulnerability, please send us email.