ID
VAR-E-201109-0167
TITLE
ICONICS IcoSetServer ActiveX Control Trusted Zone Vulnerability
Trust: 0.3
DESCRIPTION
ICONICS IcoSetServer ActiveX control is prone to a vulnerability that can allow an attacker to insert an arbitrary domain into the Trusted Zone.
A successful exploit will result in the addition of an arbitrary attacker-supplied domain into the Trusted Zone of the browser. This may potentially allow for the execution of arbitrary code.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | iconics | model: | genesis32 | scope: | eq | version: | 9.21.201.01 | Trust: 0.3 |
| vendor: | iconics | model: | genesis32 | scope: | eq | version: | 9.21 | Trust: 0.3 |
| vendor: | iconics | model: | genesis32 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | iconics | model: | bizviz | scope: | eq | version: | 9.21 | Trust: 0.3 |
| vendor: | iconics | model: | genesis32 | scope: | ne | version: | 9.22 | Trust: 0.3 |
| vendor: | iconics | model: | bizviz | scope: | ne | version: | 9.22 | Trust: 0.3 |
EXPLOIT
To exploit this issue, an attacker must entice an unsuspecting user to view a maliciously crafted web page.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Design Error
Trust: 0.3
CREDITS
Billy Rios and Terry McCorkle
Trust: 0.3
EXTERNAL IDS
| db: | ICS CERT | id: | ICSA-11-182-01 | Trust: 0.3 |
| db: | BID | id: | 49406 | Trust: 0.3 |
REFERENCES
| url: | http://www.us-cert.gov/control_systems/pdf/icsa-11-182-01.pdf | Trust: 0.3 |
| url: | http://www.iconics.com/ | Trust: 0.3 |
SOURCES
| db: | BID | id: | 49406 |
LAST UPDATE DATE
2022-07-27T09:33:10.302000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 49406 | date: | 2015-03-19T08:52:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 49406 | date: | 2011-09-01T00:00:00 |