PT-2012-1405 · Viscom · Imageviewer2.Ocx+2

Dr_Ide

Published

2012-08-31

Updated

2017-08-29

CVE-2010-5193

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Viscom Image Viewer CP Pro version 8.0 Viscom Image Viewer Gold version 6.0

Description The issue is a stack-based buffer overflow in the TIFMergeMultiFiles function, located in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx). This allows remote attackers to execute arbitrary code via a long strDelimit parameter.

Recommendations For Viscom Image Viewer CP Pro version 8.0, consider disabling the TIFMergeMultiFiles function until a patch is available. For Viscom Image Viewer Gold version 6.0, restrict access to the SCRIBBLE.ScribbleCtrl.1 ActiveX control to minimize the risk of exploitation. Avoid using the strDelimit parameter in the affected ActiveX control until the issue is resolved.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2010-5193

Affected Products

Imageviewer2.Ocx

Viscom Image Viewer Cp Pro

Viscom Image Viewer Gold

PT-2012-1405 · Viscom · Imageviewer2.Ocx+2

CVE-2010-5193

Weakness Enumeration

Related Identifiers

Affected Products

References · 8