1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: CYME ChartFX Client Server Remote Code Execution

Web Attack: CYME ChartFX Client Server Remote Code Execution

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a remote code execution in CYME ChartFX Client Server ActiveX Control.

Additional Information

CYME ChartFX Client Server ActiveX Control is prone to a remote code-execution vulnerability due to an indexing error in the 'ShowPropertiesDialog()' method of the ChartFX ActiveX Control. Specifically, the issue affects the 'pageNumber' parameter of the 'ChartFX.ClientServer.Core.dll' file.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer).

Affected

  • CYME ChartFX Client Server

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube