Release DateJan 05, 2012 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt against a Buffer Overflow vulnerability in Symantec WinFax.The vulnerability is in DCCFAXVW.DLL, an ActiveX control used in Symantec WinFax Pro, and is caused when the software handles malformed user-supplied input. A remote attacker may exploit this to execute arbitrary code. |
Affected ProductsSymantec WinFax Pro 10.03 is vulnerable.other versions may also be affected. |
Recommended ActionsSet the ActiveX kill bit. The vendor discontinued support for this software in 2006. Updates will not be released. |
Coverage IPS
VCM |
Reference/shttp://www.securityfocus.com/bid/34766 (BugTraq) |
