Notified:  December 04, 2006 Updated: January 10, 2007

Status

Affected

Vendor Statement

ICONICS is dedicated to continuous improvement of product quality and reliability. Background The ICONICS Dialog Wrapper Module ActiveX control is included with ICONICS OPC-enabled visualization tools, such as the Gauge, Switch, and Vessel ActiveX controls. Under very specific conditions, this control allows a stack-based buffer overflow to occur. Resolution Immediately after being alerted to this vulnerability, ICONICS issued a hot fix to address this issue. It can be downloaded via the link below. It is recommended that all users apply the hot fix provided or disable the ICONICS Dialog Wrapper Module ActiveX control in Internet Explorer. This hot fix (for all versions and applications) can be downloaded here: http://www.iconics.com/support/free_tools/FreeToolsActiveX_DlgWrapperHotFix.zip. The ICONICS Dialog Wrapper Module ActiveX control can be disabled in Internet Explorer by setting the kill bit for the following CLSID: {9D6BD878-B8EB-47E5-AB1C-87D74173BAAA} More information about how to set the kill bit is available in Microsoft Support Document 240797. If you have any questions related to this notification please contact the Global Support & Services team at support@iconics.com.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Refer to the release notes included in http://www.iconics.com/support/free_tools/FreeToolsActiveX_DlgWrapperHotFix.zip.