10849 matches found
CVE-1999-0669
The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy...
CVE-2019-12811
ActiveX Control in MyBuilder before 6.2.2019.814 allow an attacker to execute arbitrary command via the ShellOpen method. This can be leveraged for code execution...
📄 FastAPI‑Based Delivery Server Proof of Concept
This proof of concept demonstrates how legacy ActiveX objects in Internet Explorer can be invoked automatically when a crafted HTML payload is delivered by a minimal HTTP server. The proof of concept shows automatic execution attempts using WScript.Shell and Shell.Application without additional...
CVE-2021-47705
COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit improper boundary validation in CNCCtrl.dll to cause heap...
EUVD-2021-34734
COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit improper boundary validation in CNCCtrl.dll to cause heap...
EUVD-2021-34726
COMMAX WebViewer ActiveX Control 2.1.4.5 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit boundary errors in CommaxWebViewer.ocx to cause buffer overflow condition...
CVE-2021-47705
COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit improper boundary validation in CNCCtrl.dll to cause heap...
CVE-2021-47719 CNC_Ctrl DllUnregisterServer f5501 Access Violation
COMMAX WebViewer ActiveX Control 2.1.4.5 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit boundary errors in CommaxWebViewer.ocx to cause buffer overflow condition...
CVE-2021-47719
CVE-2021-47719 affects COMMAX WebViewer ActiveX Control 2.1.4.5. The root cause is a buffer overflow in Commax_WebViewer.ocx triggered by processing excessively long string arrays across multiple functions, enabling potentially arbitrary code execution. Documents consistently describe boundary er...
CVE-2021-47705
The vulnerability CVE-2021-47705 affects COMMAX UMS Client ActiveX Control 1.7.0.2. The root cause is a heap-based buffer overflow in CNC_Ctrl.dll, resulting from improper boundary validation. An attacker can supply excessively long string arrays through multiple functions to trigger heap corrupt...
CVE-2021-47705 CNC_Ctrl DllUnregisterServer Access Violation
COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit improper boundary validation in CNCCtrl.dll to cause heap...
PT-2025-50235
Name of the Vulnerable Software and Affected Versions COMMAX UMS Client ActiveX Control version 1.7.0.2 Description The COMMAX UMS Client ActiveX Control contains a heap-based buffer overflow issue. An attacker can execute arbitrary code by supplying overly long string arrays through multiple...
COMMAX WebViewer ActiveX Control 缓冲区错误漏洞
COMMAX WebViewer ActiveX Control is a browser plug-in from the Korean company COMMAX. A buffer error vulnerability exists in COMMAX WebViewer ActiveX Control version 2.1.4.5, which stems from a buffer overflow issue in CommaxWebViewer.ocx that could lead to the execution of arbitrary code...
CVE-2022-4983
TEC-IT TBarCode version 11.15 contains a vulnerability in the TBarCode11.ocx ActiveX/OCX control's licensing handling INI-file based that can be abused to cause remote creation of files on the host filesystem. Depending on where files can be created and which filenames are allowed, this can allow...
CVE-2017-20211
UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability via the TKDRAWCAD.TKDrawCADCtrl.1 ActiveX control. This is because it exposes a RotateShape method that dereferences a user-supplied pointer without sufficient validation. A crafted input may...
CVE-2022-4983
TEC-IT TBarCode version 11.15 contains a vulnerability in the TBarCode11.ocx ActiveX/OCX control's licensing handling INI-file based that can be abused to cause remote creation of files on the host filesystem. Depending on where files can be created and which filenames are allowed, this can allow...
CVE-2022-4983 TEC-IT TBarCode SDK 11.15 Remote File Create
TEC-IT TBarCode version 11.15 contains a vulnerability in the TBarCode11.ocx ActiveX/OCX control's licensing handling INI-file based that can be abused to cause remote creation of files on the host filesystem. Depending on where files can be created and which filenames are allowed, this can allow...
CVE-2017-20211 UCanCode E-XD++ Visualization Enterprise Suite Untrusted Pointer Dereference RCE
UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability via the TKDRAWCAD.TKDrawCADCtrl.1 ActiveX control. This is because it exposes a RotateShape method that dereferences a user-supplied pointer without sufficient validation. A crafted input may...
PT-2025-46727
UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability via the TKDRAWCAD.TKDrawCADCtrl.1 ActiveX control. This is because it exposes a RotateShape method that dereferences a user-supplied pointer without sufficient validation. A crafted input may...
PT-2025-46731
Name of the Vulnerable Software and Affected Versions TEC-IT TBarCode version 11.15 Description The TBarCode11.ocx ActiveX/OCX control in version 11.15 has a flaw in its licensing handling, which relies on INI-files. This can be exploited to remotely create files on the host filesystem. Depending...