CVE-2011-0323

Name of the Vulnerable Software and Affected Versions Topaz Systems SigPlus Pro ActiveX Control versions 3.95 through 4.28

Description The issue allows remote attackers to execute arbitrary code by calling exposed unsafe methods. Specifically, the (1) SetLogFilePath and (2) SigMessage methods can be used to create arbitrary files with arbitrary content.

Recommendations For versions 3.95 through 4.28, update to version 4.29 or later to resolve the issue. As a temporary workaround, consider disabling the SetLogFilePath and SigMessage methods until a patch is available. Restrict access to these methods to minimize the risk of exploitation.