Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in Quest Explain Plan Display ActiveX Control, which can be exploited by malicious people to manipulate certain data.
f57cc97f7a1170e9cf16fe1335849a7986a309388ca47c22c85ac75d29665ec3
Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in Quest Connection Broker Client ActiveX Control, which can be exploited by malicious people to manipulate certain data.
b1287355cd333970e53efed6cdfb22e9a60f55330dc304939d6e4b6b944959c7
Quest Toad for Oracle Explain Plan Display active-x control QExplain2.dll version 6.6.1.1115 suffer from a remote file creation / overwrite vulnerability.
b2afadf82d493424e1bec932d4e244b6fa51c594d4802dfb24e80db9201e79ee
Quest vWorkspace version 7.5 Connection Broker client active-x control pnllmcli.dll version 7.5.304.547 suffers from a SaveMiniLaunchFile() method remote file creation / overwrite vulnerability.
1374e5faa52d12488546d133528c7d7597d9e842bbf2b7a9ba602df0b39708c0
Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in TRENDnet UltraMJCam ActiveX Control, which can be exploited by malicious people to compromise a user's system.
d232e8935e3373309b56ab8fbad2bb22548f62f8d9e9ac48fea9f8f5defc153a
Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in Camera Stream Client ActiveX Control, which can be exploited by malicious people to compromise a user's system.
0f4504cc49e35bf338bc479bad45e5714cbb5312754432f200fd859dc09d41e8
Quest InTrust version 10.4.x suffers from ArDoc.dll active-x control remote file creation / overwrite vulnerabilities in the ReportTree and SimpleTree classes. Proof of concept code included.
1b249434937ec1c1ec6432094ca9aca11399fda520e83ee44caaf8e3963ed614
The D-Link SecuriCam DCS-5605 Network Surveillance DcsCliCtrl.dll active-x control suffers from a buffer overflow vulnerability. Proof of concept code included.
1edd0a6afe6d31147b097c2127b64cc9e88a0013161e4c6fafa7d291d19e8ba8
Quest InTrust version 10.4.x with Annotation Objects active-x control ANNOTATEX.DLL suffers from a remote code execution vulnerability. Proof of concept code included.
f434df904932a8864ea9998ff353e34532f5d8a789fcad5b7ac3fbfc4f65fc1b
The TRENDnet SecurView TV-IP121WN wireless internet camera UltraMJCam active-x control suffers from an OpenFileDlg() WideCharToMultiByte remote buffer overflow. Proof of concept code included.
a1448bcd0d8740d3db37283f486bc15f2158a7b7818ccafbfc0569b5d3cb8984
Secunia Security Advisory - rgod has discovered a vulnerability in Cisco Linksys PlayerPT ActiveX Control, which can be exploited by malicious people to compromise a user's system.
91fbeb70423639d51561f20fdc0fe7590c4836fc40a9423339c16503d32289da
Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT active-x control (PlayerPT.ocx) suffers from a sprintf buffer overflow vulnerability. Version 1.0.0.15 is affected.
3933dd1431da4c063e62908b6d60cf61accefadfda1561e952bfa4c9d5163a86
The Dell Webcam software bundled active-x control CrazyTalk4Native.dll suffers from a remote buffer overflow vulnerability.
4602832995fbcf6a2ccdc7e3b461f2c912eb866acd281ca2f1041eff63882cc0
2X Client for RDP version 10.1.1204 suffers from a ClientSystem class active-x control download and execute vulnerability that affects TuxClientSystem.dll.
27227020ccb5074c6aa97e3a7d52d21c14c048d281d198b91a577d394154d6b4
2X Application Server version 10.x suffers from a TuxSystem class active-x control file overwrite involving TuxScripting.dll.
0ec15ada5f97ed20cc44237301fcfa9df7cde6ef19772eacaebffed8822def0e
Cisco Security Advisory - The Cisco Clientless VPN solution as deployed by Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) uses an ActiveX control on client systems to perform port forwarding operations. Microsoft Windows-based systems that are running Internet Explorer or another browser that supports Microsoft ActiveX technology may be affected if the system has ever connected to a device that is running the Cisco Clientless VPN solution. A remote, unauthenticated attacker who could convince a user to connect to a malicious web page could exploit this issue to execute arbitrary code on the affected machine with the privileges of the web browser. The affected ActiveX control is distributed to endpoint systems by Cisco ASA. However, the impact of successful exploitation of this vulnerability is to the endpoint system only and does not compromise Cisco ASA devices. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
d5eb4f15929e22adebee6cabc4901b0a19fd375282c7f4226edd361bb721237f
Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in 2X Client TuxClientSystem ActiveX Control, which can be exploited by malicious people to compromise a user's system.
4fa63ca9d45fc7953b499401384ec69826335b002c828d9cd598d2a4aade9e03
This Metasploit module exploits a vulnerability found in ASUS Net4Switch's ipswcom.dll ActiveX control. A buffer overflow condition is possible in multiple places all because of the poor use of the CxDbgPrint() function, which allows remote attackers to gain arbitrary code execution under the context of the user.
5a0d5660197cc09bd3b197a510a2691b26d23e0b9efcd8f318ca25b4b430ea47
Secunia Security Advisory - Digital Security Research Group has discovered a vulnerability in Net4Switch ipswcom ActiveX Control, which can be exploited by malicious people to compromise a user's system.
13b61148844a5c6b2ef31b25572a989d74256dcbc23e44a5e90f9f77a38c9810
Zero Day Initiative Advisory 12-027 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SaveDoc function exposed by the VsVIEW6.ocx ActiveX control. The SaveDoc function causes a file to be created at an arbitrary path specified by the first argument (FileName). The file contents can be controlled by first setting the 'Text' member of the object. These behaviors can be exploited by a remote attacker to execute arbitrary code on the target system.
18a904ce62adf630cb8f08055cd0c8789ee111f72763c2cbf5bde4315c6c054a
Zero Day Initiative Advisory 12-026 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Render() method exposed by the ExportHTML.dll ActiveX control. This method causes a file to be written to an arbitrary path specified by the second argument (Output). The contents of the file can be controlled by manipulating the object members 'CssLocation', 'LayoutStyle' and 'EmbedCss'. The CssLocation member can be directed to a UNC path containing a file to be included in the file generated by the call to Render(). These behaviors can be exploited by an attacker to execute arbitrary code on the target system.
5faff96d7b772db4987ba0423e5a6873f87e25fb7f156aa3410fe6e26a0817ce
Edraw Diagram Component 5 active-x buffer overflow proof of concept denial of service exploit.
428ea6a0fb5b774ad26363a005e9f41084184866a058959a2cbd7e8fec064e19
Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in 2X ApplicationServer TuxSystem ActiveX Control, which can be exploited by malicious people to manipulate certain data.
2ab0d932da86c475d4acc8a45fe1deeddb2a2401320ad2435c2f50b5398124af
This Metasploit module exploits a vulnerability in Icona SpA C6 Messenger version 1.0.0.1. The vulnerability is in the Downloader ActiveX Control (DownloaderActiveX.ocx). The insecure control can be abused to download and execute arbitrary files in the context of the currently logged-on user.
5ff82482c6d0cc8cb96eb23172d540f4d5ded54210dbc21fe3ea60715403632a
Secunia Security Advisory - Parvez Anwar has discovered a vulnerability in LuraWave JP2 ActiveX Control, which can be exploited by malicious people to compromise a user's system.
97c4a4a8465124518f4577273160052b5ee3c38688752e5ff9baff38006bbbac