Touch22 Image22 ActiveX Control Buffer Overflow

Added: 09/13/2010
BID: 41547

Background

Touch22 Software Image22 ActiveX enables dynamic graphic creation and image manipulation from within an application.

Problem

Touch22 Software Image22 ActiveX Control 1.1.1 is vulnerable to a buffer overflow caused by a boundary error when handling a DrawIcon() function call with an overly long parameter. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted HTML page.

Resolution

Upgrade or apply a patch when the vendor releases one. In the interim, the Image22 ActiveX control can be disabled by following Microsoft's instructions at http://support.microsoft.com/kb/240797 to disable clsid:1DC09FDF-2EF8-4CE9-ADEA-4D6A98A2F779.

References

http://www.securityfocus.com/bid/41547

Limitations

The exploit works on Touch22 Image22 1.1.1 and requires the user to load the exploit page in Internet Explorer 6 or 7.

Platforms

Windows
