This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects an attempt to exploit a buffer in the VImpX ActiveX control by checking for large arguments being passed in by a specially crafted website.
VImpX is an ActiveX control that imports data into a variety of industry standard databases from flat files, cross tables, or ODBC data sources.
The 'VImpX.ocx' ActiveX control shipped with the VImpX application is prone to a buffer-overflow vulnerability. Specifically, the CLSID of '7600707B-9F47-416D-8AB5-6FD96EA37968' fails to properly sanitize user-supplied input to the 'Logfile' parameter in the 'VImpX.ocx' ActiveX component. By passing an inordinately long string as input to the affected method, an attacker can trigger a stack-based buffer overflow.
Invoking the object from a malicious website or HTML email may trigger this condition. A successful attack would corrupt process memory, allowing arbitrary code to run in the context of the client application using the affected ActiveX control.
- VImpX 18.104.22.168 on Windows XP Service Pack 2 is reported vulnerable to this issue; other products may be vulnerable as well.
Download and install all vendor patches related to this vulnerability.