Viscom Software Image Viewer ActiveX TIFMergeMultiFiles Vulnerability

Added: 11/28/2011
BID: 50712

Background

Viscom Image Viewer CP is an image viewer ActiveX control that supports many popular image file formats and provides zoom in, zoom out, panning, auto zoom, and auto scrolling when drawing the selection rectangle.

Problem

The ImageViewer2.OCX ActiveX control in Image Viewer CP Pro/Gold SDK is vulnerable to a stack buffer overflow. A remote attacker could execute arbitrary code by passing a long argument to the TIFMergeMultiFiles method. An unsuccessful attack will probably result in a denial of service.

Resolution

Upgrade when a fix becomes available, or set the kill bit for Class ID E589DA78-AD4C-4FC5-B6B9-9E47B110679E as described in Microsoft Knowledge Base Article 240797.
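
The kill-bit mitigation above, as an added PowerShell example (not part of the original advisory). It sets the Compatibility Flags value 0x400 described in KB 240797 for the Class ID given above, in both the native and Wow6432Node registry views, and reads it back. The helper names Get-CompatFlags and Set-KillBit are illustrative.

```powershell
# Added example. CLSID is taken from the Resolution section above.
# Run from an elevated 64-bit PowerShell so both registry views are reachable.
$Clsid    = '{E589DA78-AD4C-4FC5-B6B9-9E47B110679E}'
$KillBit  = 0x00000400              # kill-bit flag described in KB 240797
$FlagName = 'Compatibility Flags'

# 32-bit Internet Explorer on 64-bit Windows reads the Wow6432Node view.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags {          # illustrative helper name
    param([string]$Key)
    $p = Get-ItemProperty -LiteralPath $Key -Name $FlagName -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 0 }
    return [int]$p.$FlagName
}

function Set-KillBit {              # illustrative helper name
    param([string]$Root)
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    # OR the kill bit into any flags already present instead of overwriting them.
    $new = (Get-CompatFlags $key) -bor $KillBit
    Set-ItemProperty -LiteralPath $key -Name $FlagName -Value $new -Type DWord
}

foreach ($root in $Roots) {
    # Skip a view that does not exist (for example Wow6432Node on 32-bit Windows).
    if (-not (Test-Path -LiteralPath (Split-Path $root -Parent))) { continue }
    Set-KillBit -Root $root
    $flags = Get-CompatFlags (Join-Path $root $Clsid)
    $state = if (($flags -band $KillBit) -ne 0) { 'kill bit set' } else { 'kill bit NOT set' }
    '{0}: 0x{1:X8} ({2})' -f $root, $flags, $state
}
```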

References

http://www.exploit-db.com/exploits/15668/

Limitations

Exploit works on Viscom Software Image Viewer CP Gold ActiveX Control 7.3.

The target user needs to load the exploit page in Internet Explorer 8.

Platforms

Windows
