PT-2010-4418 · Topaz Systems · Sigplus Pro

Published

2010-08-04

Updated

2017-09-19

CVE-2010-2931

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SigPlus Pro version 3.74

Description The issue is related to a stack-based buffer overflow in the SigPlus Pro ActiveX control. This occurs when a long eighth argument, specifically the HexString, is passed to the LCDWriteString method, allowing remote attackers to execute arbitrary code.

Recommendations For SigPlus Pro version 3.74, consider disabling the LCDWriteString method until a patch is available to prevent potential exploitation. Restrict access to the SigPlus Pro ActiveX control to minimize the risk of arbitrary code execution. Avoid using the HexString argument in the LCDWriteString method until the issue is resolved.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2010-2931

Affected Products

Sigplus Pro

PT-2010-4418 · Topaz Systems · Sigplus Pro

CVE-2010-2931

Weakness Enumeration

Related Identifiers

Affected Products

References · 6