By invoking the Add() method is possible to call inside a memory region of choice set by the attacker through ex. heap spray or other techniques.
The D-Link SecuriCam DCS-5605 Network Surveillance ActiveX Control, specifically the DcsCliCtrl.dll, is vulnerable to a remote buffer overflow due to an unsafe lstrcpyW() call. This vulnerability can be exploited by an attacker to execute arbitrary code on a target system.
The Quest InTrust 10.4.x ReportTree and SimpleTree classes in ArDoc.dll ActiveX Control allow arbitrary file creation and overwrite through the SaveToFile method. This vulnerability can be exploited to remotely execute code if the attacker can control the file content.
This module exploits a buffer overflow in UltraVNC Viewer 1.0.2 Release. If a malicious server responds to a client connection indicating a minor protocol version of 14 or 16, a 32-bit integer is subsequently read from the TCP stream by the client and directly provided as the trusted size for further reading from the TCP stream into a 1024-byte character array on the stack.
The SetSource() method in the PlayerPT ActiveX Control Module is vulnerable to a buffer overflow. This can be exploited by an attacker to execute arbitrary code or cause a denial of service condition.
By crafting a link a remote user can inject custom command line parameters.
This exploit allows unauthorized access to the D-Link DIR-605 device and perform post injections.
The vulnerability is caused due to a boundary error in the processing of a project file, which can be exploited to cause a buffer overflow when a user opens e.g. a specially crafted .TMD file. Successful exploitation may allow execution of arbitrary code.
The 2X ApplicationServer 10.1 TuxSystem ActiveX control allows unsecure file operations (read/write) through the ExportSettings method. By passing an existing file path to ExportSettings, an attacker can overwrite the file with arbitrary content.
The 2X Client for RDP 10.1.1204 ActiveX Control allows remote attackers to download and execute arbitrary files by specifying a URL of a .msi installer in the InstallClient method, leading to remote code execution without user interaction.
Services By CQR