This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit a heap based buffer overflow vulnerability in Advantech Studio ISSymbol ActiveX Control.
Advantech Studio is an integrated collection of automation tools.
The Advantech Studio ISSymbol ActiveX control ('ISSymbol.ocx') is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate checks on user-supplied input.
1. A heap-based buffer-overflow vulnerability occurs while processing an overly large string in the 'InternationalOrder' property.
2. A heap-based buffer-overflow vulnerability occurs while processing an overly large string in the 'InternationalSeparator' property.
3. A stack-based buffer-overflow vulnerability occurs while handling an overly large string in the 'bstrFileName' parameter of the 'OpenScreen()' function.
4. A stack-based buffer-overflow vulnerability occurs while processing an overly large string in the 'LogFileName' property during the creation of a log file.
Attackers may exploit these issues to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.
- Advantech Studio 6.1 SP6 Build 61.6.01.05 is vulnerable; other versions may also be affected.