Unitronics VisiLogic ActiveX Control Multiple Remote Code Execution Vulnerabilities

Unitronics VisiLogic is prone to multiple remote code-execution vulnerabilities.

Attackers can exploit these issues to execute arbitrary code in the context of the application (typically Internet Explorer) using the ActiveX control. Failed exploit attempts will likely result in denial-of-service conditions.

The affected ActiveX control is identified by CLSID: 3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A.

Note: This issue was previously titled 'Unitronics VisiLogic ActiveX Control Security Bypass and Arbitrary Code Injection Vulnerabilities'. The title and technical details have been changed to better reflect the underlying component affected.

Unitronics VisiLogic 9.8.0.00 and prior versions are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus