1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP MSIE Image22 ActiveX BO

HTTP MSIE Image22 ActiveX BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempt to exploit a buffer overflow vulnerability in the ActiveX control of Image22 which may result in remote code execution.

Additional Information

Image22 ActiveX is an application to create images for Microsoft Windows.

The application is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. The vulnerability affects the 'DrawIcon()' method of the ActiveX control identified by CLSID:

1DC09FDF-2EF8-4CE9-ADEA-4D6A98A2F779

An attacker can exploit this issue to execute arbitrary code within the context of the application, typically Internet Explorer, that uses the ActiveX control. Failed exploit attempts will result in denial-of-service conditions.

Image22 ActiveX version 1.1.1 is vulnerable; other versions may also be affected.

Affected

  • Touch22 Image22 ActiveX 1.1.1 0

Response

Currently we are not aware of any vendor-supplied patches.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube