HTTP Symantec WinFax Pro ActiveX Invalid Instantiation

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to instantiate the Symantec WinFax Pro ActiveX control in a browser.

Additional Information

Symantec WinFax Pro is a faxing application available for Microsoft Windows.

The application is prone to a heap-based buffer-overflow vulnerability. Specifically, this issue stems from a boundary condition in the 'AppendFax()' function of the 'DCCFAXVW.DLL' ActiveX control. By passing an overly long string to this function, an attacker can trigger a heap-based buffer overflow.

The ActiveX control is identified by CLSID:

{C05A1FBC-1413-11D1-B05F-00805F4945F6}

The attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

Symantec WinFax Pro 10.03 is vulnerable; other versions may also be affected.

Affected

  • Symantec WinFax Pro 10.03 is vulnerable; other versions may also be affected.

Response

Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

NOTE: The vendor discontinued support for this software in 2006. Updates will not be released. Users concerned about this issue are advised to set the kill bit for the affected control.
