CYME ChartFX ActiveX ShowPropertiesDialog pageNumber indexing error

Added: 12/17/2012
BID: 55765
OSVDB: 85894

Background

The CYME Power Engineering Software is a suite of applications for power engineers. It includes the ChartFX ActiveX control.

Problem

An indexing error in ChartFX.ClientServer.Core.dll of the ChartFX ActiveX Control allows command execution when a web page calls the ShowPropertiesDialog method with a specially crafted pageNumber parameter.

Resolution

Set the kill bit on the ChartFX ActiveX control (class ID E9DF30CA-4B30-4235-BF0C-7150F646606C) as described in Microsoft Knowledge Base Article 240797.

References

http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=62&Itemid=62

Limitations

Exploit works on CYME Distribution System Analysis 5.0 and requires a user to open the exploit page in Internet Explorer 8 or 9.

Platforms

Windows

Back to exploit index