Touch22 Image22 ActiveX Control Buffer Overflow
Added: 09/13/2010
BID: 41547
Background
Touch22 Software Image22 ActiveX enables dynamic graphic creation and image manipulation from within an application.
Problem
Touch22 Software Image22 ActiveX Control 1.1.1 is vulnerable to a buffer overflow due to a boundary error when handling the function call DrawIcon() with an overly long parameter. A remote attacker can leverage this vulnerability by enticing a target user to open a crafted HTML page.
Resolution
Upgrade or apply a patch when the vendor releases one. In the interim, the Image22 ActiveX control can be disabled by following Microsoft's instructions at http://support.microsoft.com/kb/240797 to disable clsid:1DC09FDF-2EF8-4CE9-ADEA-4D6A98A2F779.
References
http://www.securityfocus.com/bid/41547
Limitations
Exploit works on Touch22 Image22 1.1.1 and requires the user to load the exploit page in Internet Explorer 6 or 7.
Platforms
Windows
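
The interim mitigation in the Resolution section (setting the Internet Explorer kill bit for the control's CLSID) can be scripted as below. This is an added example, not part of the original advisory or Microsoft's article; the function name Set-KillBit is hypothetical, and it assumes an elevated prompt with PowerShell 3.0 or later.

```powershell
# Added example: set and verify the IE kill bit for the Image22 ActiveX control.
# Assumption: run elevated, PowerShell 3.0+ (needs .NET 4 RegistryKey.OpenBaseKey).
$Clsid   = '{1DC09FDF-2EF8-4CE9-ADEA-4D6A98A2F779}'  # CLSID from the advisory
$KillBit = 0x00000400                                 # "Compatibility Flags" kill bit
$SubKey  = "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"

# Hypothetical helper: sets the kill bit in one registry view and returns
# $true if the bit is present when the value is read back.
function Set-KillBit {
    param([Microsoft.Win32.RegistryView]$View)
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.CreateSubKey($SubKey)   # opens the key if it already exists
        try {
            $current = [int]$key.GetValue('Compatibility Flags', 0)
            # OR the bit in so any other compatibility flags are preserved.
            $key.SetValue('Compatibility Flags', ($current -bor $KillBit),
                [Microsoft.Win32.RegistryValueKind]::DWord)
            $after = [int]$key.GetValue('Compatibility Flags', 0)
            return (($after -band $KillBit) -eq $KillBit)
        } finally { $key.Close() }
    } finally { $base.Close() }
}

# On 64-bit Windows the 32-bit and 64-bit builds of Internet Explorer read
# different registry views, so the kill bit is written to both.
$views = @([Microsoft.Win32.RegistryView]::Registry32)
if ([Environment]::Is64BitOperatingSystem) {
    $views += [Microsoft.Win32.RegistryView]::Registry64
}
foreach ($v in $views) {
    $ok = Set-KillBit -View $v
    '{0}: kill bit set = {1}' -f $v, $ok
}
```

The change applies to browser instances started after the value is written; removing the 0x400 bit from the same value reverses it once a vendor fix is installed.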