Submit a ticketCall us

Solarwinds & Cisco Live! Barcelona
Join us from the 29th of January to the 2nd of February at Cisco Live 2018 in Barcelona, where we will continue to show how monitoring the network with SolarWinds will keep you ahead of the game. At our booth (WEP 1A), we will demonstrate how SolarWinds network solutions can help. As a bonus, we are also hosting a pre-event webinar - Blame the Network, Hybrid IT Edition with our SolarWinds Head Geek™, Patrick Hubbard on January 24th - GMT (UTC+0): 10:00 a.m. to 11:00 a.m. There's still time to RSVP.

Home > Success Center > Archive > 2018Jan2 - Deletes > Remote Code Execution Vulnerability detected in Pepco32c.ocx

Remote Code Execution Vulnerability detected in Pepco32c.ocx

Created by Chris Foley, last modified by Kevin.Swinson on Jan 02, 2018

Views: 776 Votes: 0 Revisions: 5

Overview

This article discusses the SAM Pepco32c.ocx Remote Code Execution vulnerability and describes how to address this vulnerability.

Environment

  • SAM 6.0
  • NPM 10.6

Cause 

Pepco32c.ocx is a third-party application previously used to build pie charts within Orion. The vulnerability exists due to insufficient bound checks on user-supplied input by the affected software. An attacker could exploit this vulnerability to execute arbitrary code in the context of the application using the ActiveX control Pepco32c.ocx. An exploit could allow an attacker to execute arbitrary code or cause a denial of service (DoS) condition.

Resolution

The security vulnerability is known to be fixed in the following applications versions as the third-party application is longer used:

  • NPM 10.6.1
  • SAM 6.0.2

To fix the issue, upgrade to these versions or higher.

Note: If you are already running version higher than these versions, delete the following file as it is no longer required:

C:\Program Files\Common Files\SolarWinds\Pepco32c.ocx

 

 

Last modified

Tags

Classifications

Public