Zero Day Initiative Advisory 11-172 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the uri parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
0c1f34fad469f2bfff8bea19c7eb5b6fMagneto ICMP ActiveX version 4.0.0.20 ICMPSendEchoRequest remote code execution exploit.
a657e43d78bac78e5fef921c4a4f6520This Metasploit module exploits a vulnerability found in ICONICS WebHMI's ActiveX control. By supplying a long string of data to the 'SetActiveXGUID' parameter, GenVersion.dll fails to do any proper bounds checking before this input is copied onto the stack, which causes a buffer overflow, and results arbitrary code execution under the context of the user.
f11343438dfb1690faea25b41bbf7127Secunia Security Advisory - A vulnerability has been discovered in ICONICS VersionInfo ActiveX control, which can be exploited by malicious people to compromise a user's system.
73d6fb7f05cb66e70bced3cce03b12f4ICONICS Genesis32 is a suite of OPC, SNMP, BACnet and Web-enabled HMI and SCADA applications. A stack overflow was found in an ActiveX control required by the WebHMI interface. This condition can be used to gain command execution. The affected control is 'GenVersion.dll' and has the ClassID of {CEFF5F48-BD2E-4D10-BAE5-AF729975E223}. This control is marked safe for scripting.
347ebf7b51aeb2cbff4dbe9ecd6446cdSecunia Security Advisory - Parvez Anwar has discovered a vulnerability in Data Dynamics ActiveBar ActiveX Control, which can be exploited by malicious people to compromise a user's system.
32f7d3465fd0484dbbae6b1a84eed06fSecunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in InduSoft ISSymbol ActiveX control, which can be exploited by malicious people to compromise a user's system.
d9971f80b201b9ed766cd6ff8e2c5321Secunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in Advantech Studio ISSymbol ActiveX control, which can be exploited by malicious people to compromise a user's system.
e920158c9bfaf737299aaae3bcbe3a52RealPlayer 11 Browser suffers from an active-x related arbitrary code execution vulnerability.
6ec097a57fd28952769763a08e9cab42The Gesytec ElonFmt active-x control module suffers from a buffer overflow vulnerability. When a large buffer is sent to the pid item of the GetItem1 function in the elonfmt.ocx module, a few memory registers get overwritten including the SEH. Proof of concept exploit included. Version 1.1.14 is affected.
58e5b0bf42b9c4fd21638b378021c108CA Technologies support is alerting customers to security risks associated with CA Output Management Web Viewer. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerabilities. The vulnerabilities are due to boundary errors in the UOMWV_HelperActiveX.ocx and PPSView.ocx ActiveX controls. A remote attacker can create a specially crafted web page to exploit the flaws and potentially execute arbitrary code.
bbeba246d3ce36be6a7d73c8e91b7577This Metasploit module exploits a vulnerability in Real Networks Arcade Game's ActiveX control. The "exec" function found in InstallerDlg.dll (v2.6.0.445) allows remote attackers to run arbitrary commands on the victim machine.
f1ee0f63d91f8cc6b0168cc0fbfa488cRealNetworks RealGames StubbyUtil.ShellCtl.1 active-x control InstallerDlg.dll version 2.6.0.445 suffers from remote command and code execution vulnerabilities.
8991b35d31c09f1f10bc4dde36e14059Secunia Security Advisory - Secunia Research has discovered a vulnerability in Honeywell ScanServer ActiveX Control, which can be exploited by malicious people to compromise a user's system.
a5e56bb3cbbd2d00d69fbec83926f86aSecunia Security Advisory - Alexander Gavrun has discovered a vulnerability in Edraw Office Viewer Component ActiveX control, which can be exploited by malicious people to compromise a user's system.
703e9f881615c26a8037fe9ab6bc7cedKingView version 6.5.3 SCADA related active-x exploit.
cf490f30ef094c615198e25a615d832eF-Secure Internet Security 2011 ActiveX denial of service proof of concept exploit.
730b69bbaeaa7cf7860c9946e0a3fa40Secunia Security Advisory - A vulnerability has been discovered in PIPI Player PIPIWebPlayer ActiveX control, which can be exploited by malicious people to compromise a user's system.
c87c3186cee121ac3f812646505aebf4Edraw Office Viewer component version 7.4 active-x related stack buffer overflow exploit.
cbda59e598c9219aa5a7fbcb04fa2bdfCA Technologies support is alerting customers to a security risk associated with CA Host-Based Intrusion Prevention System (HIPS). A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerability. The vulnerability is due to insecure method implementation in the XMLSecDB ActiveX control that is utilized in CA HIPS components and products. A remote attacker can potentially execute arbitrary code if he can trick a user into visiting a malicious web page or opening a malicious file. Versions prior to 8.1.0.88 are affected.
9551ac86c08c1110bdce359f65859c95Zero Day Initiative Advisory 11-093 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Internet Security Suite 2010. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the XMLSecDB ActiveX control which is installed with HIPSEngine component. SetXml and Save methods are implemented insecurely and can allow creation of an arbitrary file on the victim's system. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.
b8e041bac81fa25b0368170c3fca20f9Zero Day Initiative Advisory 11-092 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Secure Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within CSDWebInstaller.ocx. The CSDWebInstallerCtrl ActiveX control allows downloading and executing any Cisco-signed executable files. By renaming a Cisco-signed executable file to inst.exe and putting it on a webserver, an attacker can subsequently exploit vulnerabilities in the Cisco-signed executable file remotely.
085e396d652f1e2079b1c44f5c0088b0Zero Day Initiative Advisory 11-091 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Secure Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within CSDWebInstaller.ocx ActiveX control. The vulnerable Cisco-signed ActiveX control verifies the signing authority names in the certificate chain but fails to properly verify the digital signature of an executable file that is downloaded and executed by the Cisco Secure Desktop installation process. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
e21e1417d4a0fd870dc2a7dd5de9eefeSecunia Security Advisory - Secunia Research has discovered two vulnerabilities in Dell DellSystemLite.Scanner ActiveX control, which can be exploited by malicious people to disclose various information.
18e5f44ac049c850a45b1c78a36aaaceAoA MP4 Converter version 4.1.0 suffers from an active-x related stack overflow vulnerability.
dbe6ffeb3c5f2c8cc9304a4f403c98de
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed