WibuKey Runtime WkWin32.dll module DisplayMessageDialog overflow

Added: 12/27/2012
BID: 56678
OSVDB: 87881

Background

WibuKey is a software protection and licensing solution.

Problem

A vulnerability in the WkWin32.dll ActiveX control in WibuKey Runtime allows command execution when a web page calls the DisplayMessageDialog method with a long, specially crafted parameter.

Resolution

Upgrade to WibuKey 6.10 or higher.

References

http://secunia.com/advisories/49987/

Limitations

Exploit works on WibuKey Runtime 6.00f on Windows XP SP3 English (DEP OptIn) and requires a user to open the exploit page in Internet Explorer 7.

Platforms

Windows

Back to exploit index