Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

Iconics, Inc. Information for VU#251969

Date Notified12/04/2006
Date Modified03/05/2007 10:17:30 PM
Status SummaryVulnerable

Vendor Statement

ICONICS is dedicated to continuous improvement of product quality and reliability.

Background
The ICONICS Dialog Wrapper Module ActiveX control is included with ICONICS OPC-enabled visualization tools, such as the Gauge, Switch, and Vessel ActiveX controls. Under very specific conditions, this control allows a stack-based buffer overflow to occur.

Resolution
Immediately after being alerted to this vulnerability, ICONICS issued a hot fix to address this issue. It can be downloaded via the link below. It is recommended that all users apply the hot fix provided or disable the ICONICS Dialog Wrapper Module ActiveX control in Internet Explorer.

This hot fix (for all versions and applications) can be downloaded here:
http://www.iconics.com/support/free_tools/FreeToolsActiveX_DlgWrapperHotFix.zip.

The ICONICS Dialog Wrapper Module ActiveX control can be disabled in Internet Explorer by setting the kill bit for the following CLSID:
{9D6BD878-B8EB-47E5-AB1C-87D74173BAAA}
More information about how to set the kill bit is available in Microsoft Support Document 240797.

If you have any questions related to this notification please contact the Global Support & Services team at support@iconics.com.

US-CERT Addendum

Refer to the release notes included in http://www.iconics.com/support/free_tools/FreeToolsActiveX_DlgWrapperHotFix.zip.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2008 by US-CERT, a government organization
Disclaimers and copyright information