1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP BlackIce Annotation SDK ActiveX BO

HTTP BlackIce Annotation SDK ActiveX BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempt to exploit a buffer overflow vulnerability by passing long arguments into a method of Black Ice 'BiAnno.ocx' Annotation SDK/ActiveX Control which may result in remote code execution.

Additional Information

Black Ice Annotation SDK/ActiveX Control is a toolkit used to add data to TIFF image files.

Annotation SDK/ActiveX Control is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate size checks on user-supplied input.

The vulnerability affects the 'AnnoSaveToTiff()' method of the ActiveX control identified by CLSID: B27DC3CE-FF81-4DCF-9B80-0E69D61BED2A.

When 524 bytes or more of data are passed to the method, adjacent memory will become corrupted.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

Affected

  • This issue affects Annotation SDK/ActiveX Control provided by 'BiAnno.ocx' 10.9.5; other versions may also be affected.

Response

Download and install all vendor patches related to this vulnerability.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube