The site-locking implementation in the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance relies on a list of server domain names to restrict execution of ActiveX controls, which makes it easier for man-in-the-middle malicious users to execute arbitrary code via a DNS hijacking attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
consona consona live assistance |
||
consona consona dynamic agent - |
||
consona consona subscriber assistance |