CVE-2006-6488 – ICONICS Vessel / Gauge / Switch 8.02.140 - ActiveX Buffer Overflow

https://notcve.org/view.php?id=CVE-2006-6488

Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument. Desbordamiento de búfer basado en pila en la función DoModal en el control de ActiveX Dialog Wrapper Module (DlgWrapper.dll) anterior a la 8.4.166.0, como el utilizado en el ICONICS OPC Enabled Gauge, Switch y Vessel ActiveX, permite a atacantes remotos la ejecución de código mediante un argumento largo en el (1) FileName or (2) Filter. • https://www.exploit-db.com/exploits/6570 http://osvdb.org/32552 http://secunia.com/advisories/23583 http://www.kb.cert.org/vuls/id/251969 http://www.securityfocus.com/bid/21849 http://www.vupen.com/english/advisories/2007/0025 https://exchange.xforce.ibmcloud.com/vulnerabilities/31228 •