SigPlus.ocx ActiveX Control Vulnerabilities


Overview

All Access It! Universal versions 4.1.9 and older distribute a version of the SigPlus Pro ActiveX control, used for electronic signature integration with Topaz signature pads, that is earlier than 4.29. Such versions are reportedly affected by the following vulnerabilities:

- The 'SetLogFilePath()' method allows creation of a log file in a specified location, potentially with content controlled by an attacker through, for example, the 'SigMessage()' method. (CVE-2011-0323)

- Boundary errors when processing the 'KeyString' property and when handling the 'SetLocalIniFilePath()' and 'SetTablePortPath()' methods can be exploited to cause a heap-based buffer overflow. (CVE-2011-0324)

More Information
The above vulnerabilities will be resolved in Access It! Universal version 4.1.15 and later. These vulnerabilities can also be resolved by replacing the existing SigPlus.ocx with the attached file.

  1. Navigate to C:\Windows\SysWOW64 and locate SigPlus.ocx
  2. Manually unregister the existing SigPlus.ocx
  3. Rename the unregistered SigPlus.ocx to SigPlus.ocx.old
  4. Place the attached SigPlus.ocx in the C:\Windows\SysWOW64 directory
  5. Manually register the new SigPlus.ocx file.
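
The five steps above as a single elevated PowerShell script. This is an added example, not code from the vendor; the `$NewOcx` parameter is a placeholder for wherever the attached file was saved, and the version check assumes the file's version resource carries the control version.

```powershell
#Requires -RunAsAdministrator
# Added example, not vendor code. $NewOcx is a placeholder for wherever the
# attached SigPlus.ocx was saved. Close applications using the control first.
param([Parameter(Mandatory)] [string] $NewOcx)
$ErrorActionPreference = 'Stop'

$dir      = Join-Path $env:windir 'SysWOW64'
$target   = Join-Path $dir 'SigPlus.ocx'
$backup   = "$target.old"
$regsvr32 = Join-Path $dir 'regsvr32.exe'   # 32-bit regsvr32 for the 32-bit control

function Get-OcxVersion([string] $Path) {
    # Assumption: the file version resource carries the control version (e.g. 4.29).
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    [version]::new($vi.FileMajorPart, $vi.FileMinorPart)
}

function Invoke-Regsvr32([string[]] $Arguments) {
    $p = Start-Process -FilePath $regsvr32 -ArgumentList $Arguments -Wait -PassThru
    if ($p.ExitCode -ne 0) {
        throw "regsvr32 $($Arguments -join ' ') failed with exit code $($p.ExitCode)"
    }
}

# Step 1: locate the installed control and refuse to clobber an earlier backup.
if (-not (Test-Path -LiteralPath $target)) { throw "$target not found" }
if (-not (Test-Path -LiteralPath $NewOcx)) { throw "$NewOcx not found" }
if (Test-Path -LiteralPath $backup)        { throw "$backup already exists" }

$fixed = [version]'4.29'
Write-Host "Installed SigPlus.ocx version: $(Get-OcxVersion $target)"
if ((Get-OcxVersion $NewOcx) -lt $fixed) {
    Write-Warning "Replacement file reports a version earlier than $fixed"
}

# Step 2: unregister while the file still has its original name.
Invoke-Regsvr32 '/u', '/s', "`"$target`""
# Step 3: keep the old control as SigPlus.ocx.old.
Rename-Item -LiteralPath $target -NewName 'SigPlus.ocx.old'
# Step 4: place the replacement in SysWOW64.
Copy-Item -LiteralPath $NewOcx -Destination $target
# Step 5: register the replacement.
Invoke-Regsvr32 '/s', "`"$target`""

Write-Host "Registered SigPlus.ocx version: $(Get-OcxVersion $target)"
```

The script calls the `regsvr32.exe` inside `SysWOW64` so that the 32-bit control is unregistered and registered by the matching 32-bit tool on 64-bit Windows.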

  • 405
  • 14-Mar-2018

Attachments