WibuKey Runtime WkWin32.dll module DisplayMessageDialog overflow
Added: 12/27/2012BID: 56678
OSVDB: 87881
Background
WibuKey is a software protection and licensing solution.Problem
A vulnerability in the WkWin32.dll ActiveX control in WibuKey Runtime allows command execution when a web page calls the DisplayMessageDialog method with a long, specially crafted parameter.Resolution
Upgrade to WibuKey 6.10 or higher.References
http://secunia.com/advisories/49987/Limitations
Exploit works on WibuKey Runtime 6.00f on Windows XP SP3 English (DEP OptIn) and requires a user to open the exploit page in Internet Explorer 7.Platforms
WindowsBack to exploit index