UCanCode has active-x vulnerabilities which allow for remote code execution and denial of service attacks.
a65bb98b56e177de39cb68a5ca7eaebbMicro Focus Rumba versions 9.3 and below suffer from an active-x stack buffer overflow vulnerability.
9e3234252e3ab198ce4f3fe1a12462a0LEADTOOLS Active-X control suffers from multiple DLL side loading vulnerabilities.
775579871382474adb24c7e3d4e01caeUsing Advantech WebAccess SCADA Software and attacker can remotely manage industrial control systems devices like RTU's, generators, motors, etc. Attackers can execute code remotely by passing a maliciously crafted string to ConvToSafeArray API in ASPVCOBJLib.AspDataDriven ActiveX.
f17c7b4d90cf1d0a5543245f4b52d5c9A deficiency in handling authentication and authorization has been found with Kguard 104/108/v2 models. While password-based authentication is used by the ActiveX component to protect the login page, all the communication to the application server at port 9000 allows data to be communicated directly with insufficient or improper authorization. Proof of concept exploit included.
193e1c13c376a9696db8861bf83eb8b8Tango FTP active-x heap spray exploit that leverages a vulnerability in the COM component used eSellerateControl350.dll (3.6.5.0) method of the GetWebStoreURL member. Affects version 1.0 build 136.
98b386456927ea49ced509247d671e07Tango DropBox active-x heap spray exploit that leverages a vulnerability in the COM component used eSellerateControl350.dll (3.6.5.0) method of the GetWebStoreURL member. Affects versions 3.1.5 and PRO.
49f9337a83c7ed744b2fbc9dc80f97e51 Click Audio Converter version 2.3.6 suffers from an active-x buffer overflow vulnerability.
d351557efe9142293a873dc9ca88fbc31 Click Extract Audio version 2.3.6 suffers from an active-x buffer overflow vulnerability.
eb63bada7d249d986c147334f8d95493This Metasploit module exploits a buffer overflow in the VideoPlayer.ocx ActiveX installed with the X360 Software. By setting an overly long value to 'ConvertFile()',an attacker can overrun a .data buffer to bypass ASLR/DEP and finally execute arbitrary code.
ccdbee72507f4689f2f29a861de8f106The UltraSVCam ActiveX Control 'UltraSVCamX.ocx' suffers from a stack buffer overflow vulnerability when parsing large amount of bytes to several functions in UltraSVCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code. Versions affected include Bullet Type ICL5132 and Bullet Type ICL5452.
02c64e789da003ccc07cc6e9ec09fe9eThe UltraHVCam ActiveX Control 'UltraHVCamX.ocx' suffers from a stack buffer overflow vulnerability when parsing large amount of bytes to several functions in UltraHVCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code. Versions affected include PT Type ICS2330, Cube Type ICS2030, and Dome Type ICS7522.
7ae4523a862bb27def6630329d4b58d6The TRENDnet UltraCam ActiveX Control UltraCamX.ocx suffers from a stack buffer overflow vulnerability when parsing large amount of bytes to several functions in UltraCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code. Versions TV-IP422WN and TV-IP422W are affected.
e107fc82efd5facb32e068ccfa2c8dd2Core Security Technologies Advisory - Advantech WebAccess version 7.2 is vulnerable to a stack-based buffer overflow attack, which can be exploited by remote attackers to execute arbitrary code, by providing a malicious html file with specific parameters for an ActiveX component.
235685a5967719a6453d6269c1a81c40This Metasploit module exploits a buffer overflow vulnerability in Advantec WebAccess. The vulnerability exists in the dvs.ocx ActiveX control, where a dangerous call to sprintf can be reached with user controlled data through the GetColor function. This Metasploit module has been tested successfully on Windows XP SP3 with IE6 and Windows 7 SP1 with IE8 and IE 9.
af5de54bec2ef4ef7c6543a9d64b420bAoA MP4 Converter version 4.1.2 suffers from an overflow vulnerability.
7382e2fb12e216f1d7d47cf3f9c15633AoA Audio Extractor Basic version 2.3.7 suffers from an overflow vulnerability.
022a89884a71b14c768452227995b902AoA DVD Creator version 2.6.2 suffers from an overflow vulnerability.
d995ac92e0f6e833f7cb4a29967dfc02This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 12.0.0.43. By supplying a specially crafted swf file it is possible to trigger an integer underflow in several avm2 instructions, which can be turned into remote code execution under the context of the user, as exploited in the wild in February 2014. This Metasploit module has been tested successfully with Adobe Flash Player 11.7.700.202 on Windows XP SP3, Windows 7 SP1 and Adobe Flash Player 11.3.372.94 on Windows 8 even when it includes rop chains for several Flash 11 versions, as exploited in the wild.
6b1a9b03120530ac586d1d91aed1eb53This Metasploit module exploits a type confusion vulnerability found in the ActiveX component of Adobe Flash Player. This vulnerability was found exploited in the wild in November 2013. This Metasploit module has been tested successfully on IE 6 to IE 10 with Flash 11.7, 11.8 and 11.9 prior to 11.9.900.170 over Windows XP SP3 and Windows 7 SP1.
711da7fb2ca640490f5dd63b766555f1This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 11.5.502.149. By supplying a specially crafted swf file with special regex value, it is possible to trigger an memory corruption, which results in remote code execution under the context of the user, as exploited in the wild in February 2013. This Metasploit module has been tested successfully with Adobe Flash Player 11.5 before 11.5.502.149 on Windows XP SP3 and Windows 7 SP1 before MS13-063, since it takes advantage of a predictable SharedUserData in order to leak ntdll and bypass ASLR.
228fa2f8713ad5f23d8ad51136d35d78This Metasploit module abuses the kxClientDownload.ocx ActiveX control distributed with WellingTech KingScada. The ProjectURL property can be abused to download and load arbitrary DLLs from arbitrary locations, leading to arbitrary code execution, because of a dangerous usage of LoadLibrary. Due to the nature of the vulnerability, this module will work only when Protected Mode is not present or not enabled.
287d97f2652981fe694264c71eb7c221MW6 Technologies has various active-x controls that suffer from buffer overflow vulnerabilities. Proof of concept code is included.
48b4f0c5d4b82ec96ab5919da9c4e28aDaumGame active-x control versions 1.1.0.5 and 1.1.0.4 suffer from a buffer overflow vulnerability. Proof of concept code included.
bb38487f14a6788ab2616efdecf39f1cThis is a whitepaper that discusses using heap sprays with vulnerable active-x controls.
7b21cd751482e2d3247bda57d1a1cf23
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed