Detections
Analytics
SigPlus Pro ActiveX Control < 4.29 Multiple Vulnerabilities
high Nessus Plugin ID 51895
Language:
Synopsis
The remote Windows host has an ActiveX control that is affected by multiple vulnerabilities.Description
The SigPlus Pro ActiveX control, used for electronic signature integration with Topaz signature pads and installed on the remote Windows host, is earlier than 4.29. Such versions reportedly are affected by the following vulnerabilities :- The 'SetLogFilePath()' method allows creation of a log file in a specified location, potentially with content controlled by an attacker through, for example, the 'SigMessage()' method. (CVE-2011-0323)
- Boundary errors when processing the 'KeyString' property and when handling the 'SetLocalIniFilePath()' and 'SetTablePortPath()' methods can be exploited to cause a heap-based buffer overflow. (CVE-2011-0324)
Solution
Upgrade to SigPlus Pro ActiveX version 4.29 or later as that reportedly addresses the issues.See Also
https://secuniaresearch.flexerasoftware.com/secunia_research/2011-1/
https://secuniaresearch.flexerasoftware.com/secunia_research/2011-2/
Plugin Details
Severity: High
ID: 51895
File Name: sigplus_activex_4_29.nasl
Version: 1.7
Type: local
Agent: windows
Family: Windows
Published: 2/7/2011
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
Required KB Items: SMB/Registry/Enumerated
Exploit Ease: No known exploits are available
Patch Publication Date: 2/2/2011
Vulnerability Publication Date: 2/3/2011
Reference Information
CVE: CVE-2011-0323, CVE-2011-0324
BID: 46128
Secunia: 42800