Vulnerability Description
Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Iconics | Dialog Wrapper Module Activex Control | <= 8.4.165.0 |
References
- http://osvdb.org/32552
- http://secunia.com/advisories/23583Vendor Advisory
- http://www.kb.cert.org/vuls/id/251969Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/21849
- http://www.vupen.com/english/advisories/2007/0025
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31228
- http://osvdb.org/32552
- http://secunia.com/advisories/23583Vendor Advisory
- http://www.kb.cert.org/vuls/id/251969Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/21849
- http://www.vupen.com/english/advisories/2007/0025
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31228
FAQ
What is CVE-2006-6488?
CVE-2006-6488 is a vulnerability with a CVSS score of 7.5 (HIGH). Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, al...
How severe is CVE-2006-6488?
CVE-2006-6488 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6488?
Check the references section above for vendor advisories and patch information. Affected products include: Iconics Dialog Wrapper Module Activex Control.