Iconics, Inc. Information for VU#251969
ICONICS Dialog Wrapper Module ActiveX control vulnerable to buffer overflow
- Vendor Information Help Date Notified: 04 Dec 2006
- Statement Date:
- Date Updated: 10 Jan 2007
ICONICS is dedicated to continuous improvement of product quality and reliability.
The ICONICS Dialog Wrapper Module ActiveX control is included with ICONICS OPC-enabled visualization tools, such as the Gauge, Switch, and Vessel ActiveX controls. Under very specific conditions, this control allows a stack-based buffer overflow to occur.
Immediately after being alerted to this vulnerability, ICONICS issued a hot fix to address this issue. It can be downloaded via the link below. It is recommended that all users apply the hot fix provided or disable the ICONICS Dialog Wrapper Module ActiveX control in Internet Explorer.
This hot fix (for all versions and applications) can be downloaded here:
The ICONICS Dialog Wrapper Module ActiveX control can be disabled in Internet Explorer by setting the kill bit for the following CLSID:
More information about how to set the kill bit is available in Microsoft Support Document 240797.
If you have any questions related to this notification please contact the Global Support & Services team at firstname.lastname@example.org.
We are not aware of further vendor information regarding this vulnerability.
Refer to the release notes included in http://www.iconics.com/support/free_tools/FreeToolsActiveX_DlgWrapperHotFix.zip.
If you have feedback, comments, or additional information about this vulnerability, please send us email.