📄 FastAPI‑Based Delivery Server Proof of Concept

This proof of concept demonstrates how legacy ActiveX objects in Internet Explorer can be invoked automatically when a crafted HTML payload is delivered by a minimal HTTP server. The proof of concept shows automatic execution attempts using WScript.Shell and Shell.Application without additional...

EUVD-2010-1931

Malware in sbrugna...

CVE-2005-2054

Unknown vulnerability in RealPlayer 10 and 10.5 6.0.12.1040-1069 and RealOne Player v1 and v2 allows remote attackers to overwrite arbitrary files or execute arbitrary ActiveX controls via a crafted MP3 file...

CVE-2010-1912

The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via "instantiation/free attacks."...

CVE-2010-1913

The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that include...

Double free

The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via "instantiation/free attacks."...

CVE-2010-1913

The CVE-2010-1913 issue affects the SdcWebSecureBase interface’s tgctlcm.dll used by Consona Live Assistance, Dynamic Agent, and Subscriber Assistance. When plugins/clients are downloaded from a Telefonica-operated server (or similar), its default pluginlicense.ini contains an incorrect DNS white...

CVE-2010-1912

The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via "instantiation/free attacks."...

CVE-2010-1913

The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that include...

RealPlayer multiple vulnerabilities

Heap overflow on RealText format parsing. Heap overflow on AVI files parsing. Possibility to overwrite local files, ActiveX execution from MP3 file...

CVE-2001-0090

The Print Templates feature in Internet Explorer 5.5 executes arbitrary custom print templates without prompting the user, which could allow an attacker to execute arbitrary ActiveX controls, aka the "Browser Print Template" vulnerability...

CVE-1999-0537

A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc...