1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP BlackIce TIFF SDK ActiveX BO


Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects attempt to exploit a buffer overflow vulnerability by passing long arguments into a method of Black Ice TIFF SDK/ActiveX 'BiTiff.dll' ActiveX Control.

Additional Information

Black Ice Software TIFF SDK/ActiveX is a toolkit that includes a set of libraries for adding TIFF processing capabilities to applications. This toolkit is also a part of the Document Imaging SDK/ActiveX development toolkit.

The application is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. The vulnerability affects the 'SetByteOrder' method of the 'BiTiff.dll' ActiveX control identified by CLSID: 2324B5B7-D3EF-464C-BB35-06EFF8F11EB3.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.


  • BiTiff.dll is vulnerable; other versions may also be affected.


Download and install all vendor patches application to this vulnerability.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube