Secunia Research has discovered a vulnerability in Danske Bank Danske e-Sec Control Module ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in DanskeSikker.ocx within an error logging function. This can be exploited to cause a stack-based buffer overflow by passing overly long input to certain methods when the ActiveX control has been initialised in a specific manner. Successful exploitation allows execution of arbitrary code when e.g. visiting a malicious web site. Version 3.1.0.48 of DanskeSikker.ocx is affected.
0c49f548014bf47c1e0f20a22462665573baebd5130752d4f8f8b83d773e45d4