SupportSoft tgctlsi.dll ActiveX control buffer overflow

Added: 03/15/2007
CVE: CVE-2006-6490
BID: 22564
OSVDB: 33481


SupportSoft ActiveX controls are used by third-party products to provide remote technical support.


SupportSoft ActiveX controls are affected by multiple buffer overflow vulnerabilities which can lead to command execution when a user loads a specially crafted web page.


Symantec users can use LiveUpdate to patch the system as described in SYM07-002.

In general, the vulnerability can be fixed as described in the SupportSoft Security Update.



Exploit works on SupportSoft tgctlsi Module Build 6.9.545.0.

There may be a delay before the exploit succeeds due to the amount of memory required.

tgctlsi.dll must be registered in order for the exploit to succeed. This may or may not be registered automatically by the product which contains SupportSoft. The following command registers tgctlsi.dll manually:

regsvr32 <path>/tgctlsi.dll



Back to exploit index