Some vulnerabilities have been reported in the Consona SdcUser.TgConCtl ActiveX control, which potentially can be exploited by malicious people to compromise a user's system.
1) The SdcUser.TgConCtl ActiveX control (tgctlcm.dll) provides certain dangerous methods (e.g. "RunCmd()", "Install()", and "HTTPDownloadFile()".
2) A buffer overflow exists within the "RunCmd()" method of the SdcUser.TgConCtl ActiveX control.
Successful exploitation of the vulnerabilities allows execution of arbitrary code, but requires that the attacker e.g. conducts DNS poisoning or cross-site scripting attacks as the ActiveX control is site-locked and can only be scripted from a trusted domain.
Solution: Set the kill-bit for the affected ActiveX control.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Consona SdcUser.TgConCtl ActiveX Control Multiple Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.