The SigPlus Pro ActiveX control distributed with all Access It! Universal versions 4.1.9 and older, used for electronic signature integration with Topaz signature pads, is earlier than 4.29. Such versions reportedly are affected by the following vulnerabilities :
- The 'SetLogFilePath()' method allows creation of a log file in a specified location, potentially with content controlled by an attacker through, for example, the 'SigMessage()' method. (CVE-2011-0323)
- Boundary errors when processing the 'KeyString' property and when handling the 'SetLocalIniFilePath()' and 'SetTablePortPath()' methods can be exploited to cause a heap-based buffer overflow. (CVE-2011-0324)
The above vulnerabilities will be resolved in Access It! Universal version 4.1.15 and later. These vulnerabilities can also be resolved by replacing the existing SigPlus.ocx with the attached file.