You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close
Home > Integrations > SigPlus.ocx ActiveX Control Vulnerabilities
SigPlus.ocx ActiveX Control Vulnerabilities
print icon

Overview

The SigPlus Pro ActiveX control distributed with all Access It! Universal versions 4.1.9 and older, used for electronic signature integration with Topaz signature pads, is earlier than 4.29. Such versions reportedly are affected by the following vulnerabilities :

- The 'SetLogFilePath()' method allows creation of a log file in a specified location, potentially with content controlled by an attacker through, for example, the 'SigMessage()' method. (CVE-2011-0323)

- Boundary errors when processing the 'KeyString' property and when handling the 'SetLocalIniFilePath()' and 'SetTablePortPath()' methods can be exploited to cause a heap-based buffer overflow. (CVE-2011-0324)

More Information
The above vulnerabilities will be resolved in Access It! Universal version 4.1.15 and later. These vulnerabilities can also be resolved by replacing the existing SigPlus.ocx with the attached file.

  1. Navigate to C:\Windows\SysWOW64 and locate SigPlus.ocx
  2. Manually unregister the existing SigPlus.ocx
  3. Rename the unregistered SigPlus.ocx to SigPlus.ocx.old
  4. Place the attached SigPlus.ocx in the C:\Windows\SysWOW64 directory
  5. Manually register the new SigPlus.ocx file.

Attachments

SigPlus.ocx
scroll to top icon