Viscom Software Image Viewer ActiveX TIFMergeMultiFiles Vulnerability

Added: 11/28/2011
BID: 50712


Viscom Image Viewer CP is an image viewer ActiveX control that supports many popular image file formats, zoom in, zoom out, panning, auto zoom and auto scrolling when drawing the selection rectangle.


The ImageViewer2.OCX ActiveX control in Image Viewer CP Pro/Gold SDK is vulnerable to a stack buffer overflow. Successful remote attackers could execute arbitrary code by passing a long argument to the TIFMergeMultiFiles method. Unsuccessful attacks will probably result in denial of service.


Upgrade when a fix becomes available, or set the kill bit for Class ID E589DA78-AD4C-4FC5-B6B9-9E47B110679E as described in Microsoft Knowledge Base Article 240797.



Exploit works on Viscom Software Image Viewer CP Gold ActiveX Control 7.3.

The target user needs to load the exploit page in Internet Explorer 8.



Back to exploit index