Description
Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Kevin Finisterre · rubyremotewindows
https://www.exploit-db.com/exploits/6570
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/21849
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/251969
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/32552
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/31228
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23583
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0025
Scores
EPSS
0.2959
EPSS Percentile
96.6%
Details
Status
published
Products (1)
iconics/dialog_wrapper_module_activex_control
< 8.4.165.0
Published
Dec 31, 2006
Tracked Since
Feb 18, 2026