11 matches found
CVE-2021-47705 CNC_Ctrl DllUnregisterServer Access Violation
COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit improper boundary validation in CNCCtrl.dll to cause heap...
Adobe Flash Zero-Day Leveraged Via Office Docs in Campaign
An Adobe Flash Player zero-day exploit has been spotted in the wild as part of a widespread campaign, researchers said on Wednesday. Adobe has just issued a patch for the previously unknown critical flaw. The vulnerability, CVE-2018-15982, is a use-after-free flaw enabling arbitrary code executio...
iDefense COMRaider Active X Control 'write()' Arbitrary File Overwrite Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/33942/info iDefense COMRaider ActiveX control is prone to a vulnerability that lets attackers overwrite arbitrary local files on the victim's computer in the context of the vulnerable application using the ActiveX control...
HP Photo Creative 2.x Active-X Control Buffer Overflow
//add user one, user "sun" pass "tzu" shellcode = unescape"%u03eb%ueb59%ue805%ufff8%uffff%u4949%u3749%u4949" + "%u4949%u4949%u4949%u4949%u4949%u4949%u5a51%u456a" + "%u5058%u4230%u4231%u6b41%u4141%u3255%u4241%u3241" + "%u4142%u4230%u5841%u3850%u4241%u6d75%u6b39%u494c" +...
VulnCheck KEV: CVE-2006-5559
The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows...
CVE-2008-4586
Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control (isusweb.dll 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the DownloadAndExecute method...
PT-2008-5213 · Unknown · Ultra Office Control
Name of the Vulnerable Software and Affected Versions: Ultra Office Control version 2.0.2008.801. Description: The issue is a stack-based buffer overflow in the Ultra.OfficeControl ActiveX control. This occurs when the strUrl, strFile, and strPostData parameters to the HttpUpload method are overly...
PT-2008-2565 · Backweb +1 · Backweb +1
Name of the Vulnerable Software and Affected Versions: BackWeb versions prior to 8.1.1.87; Logitech Desktop Manager versions prior to 2.56. Description: The issue is related to multiple stack-based buffer overflows in the BackWeb Lite Install Runner ActiveX control. This allows remote attackers to...
CVE-2007-6699
Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser crash) via a long string in the (1) DisplayName, (2) FinalSavePath, (3) ForceSaveTo, (4) HiddenControls, (5)...
Internet Explorer Heap Spray Shell Code Execution (MS06-055 MS06-067; CVE-2006-4446; CVE-2006-4777; CVE-2006-4868; CVE-2009-2991)
Heap spraying is a new and increasingly popular technique to exploit vulnerabilities in Internet browsers. Heap spraying is used by attackers to implant a shell code on a target system. Shell code is a piece of executable code that opens a command shell that the attacker can control remotely...
msie.5.dhtml.cuartango.txt
Date: Wed, 24 Mar 1999 12:11:09 +0100 From: Juan Carlos Garcia Cuartango To: [email protected] Subject: IE 5 security vulnerabilities Greetings, Microsoft delivers with IE 5 an Active X control called "DHTML Edit control Safe for Scripting for IE 5". In my opinion this control IS N...