ICONICS Dialog Wrapper Module ActiveX control vulnerable to buffer overflow
From SCADApedia
Contents |
Vulnerability
The ICONICS Dialog Wrapper Module ActiveX control is vulnerable to a buffer overflow. The vulnerability is due to improper bounds checking in the “DoModal()” method located in the Dialog Wrapper Module ActiveX control (dlgwrapper.dll). A long FileName or Filter argument can be passed to the “DoModal()” method causing a stack-based buffer overflow.
Will Dormann discovered this vulnerability.
Affected Systems
dlgwrapper.dll 8.0.138.0
ICONICS Gauge ActiveX 8.X
ICONICS Switch ActiveX 8.X
ICONICS Vessel ActiveX 8.X
Impact
An attacker craft a malicious HTML page and target a machine containing the Dialog Wrapper Module ActiveX control. The HTML page could remotely execute code on the system, possibly opening a shell, disrupting processes or crashing certain applications. While the vulnerability is quite serious, it requires technical skills, crafting the HTML to cause the buffer to overflow a certain way, and a user willing to open the HTML file.
Detection
Perform a system search for dlgwrapper.dll. View the properties of the dlgwrapper.dll file and select the Version tab. The first line should display the version number of the file. If the version is older than 8.4.166.0, the system is vulnerable.
Remediation
Apply the hot fix, listed below, that was released by ICONICS.
Use the Internet Options located in the Control Panel to disable ActiveX controls for the Internet zone. See the “Securing Your Web Browser” link below.
Disable the Dialog Wrapper Module object in Internet Explorer by setting the the kill bit, see link below, for the following CLSID: {9D6BD878-B8EB-47E5-AB1C-87D74173BAAA}
