Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in Quest Explain Plan Display ActiveX Control, which can be exploited by malicious people to manipulate certain data.
f57cc97f7a1170e9cf16fe1335849a7986a309388ca47c22c85ac75d29665ec3Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in Quest Connection Broker Client ActiveX Control, which can be exploited by malicious people to manipulate certain data.
b1287355cd333970e53efed6cdfb22e9a60f55330dc304939d6e4b6b944959c7Quest Toad for Oracle Explain Plan Display active-x control QExplain2.dll version 6.6.1.1115 suffer from a remote file creation / overwrite vulnerability.
b2afadf82d493424e1bec932d4e244b6fa51c594d4802dfb24e80db9201e79eeQuest vWorkspace version 7.5 Connection Broker client active-x control pnllmcli.dll version 7.5.304.547 suffers from a SaveMiniLaunchFile() method remote file creation / overwrite vulnerability.
1374e5faa52d12488546d133528c7d7597d9e842bbf2b7a9ba602df0b39708c0Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in TRENDnet UltraMJCam ActiveX Control, which can be exploited by malicious people to compromise a user's system.
d232e8935e3373309b56ab8fbad2bb22548f62f8d9e9ac48fea9f8f5defc153aSecunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in Camera Stream Client ActiveX Control, which can be exploited by malicious people to compromise a user's system.
0f4504cc49e35bf338bc479bad45e5714cbb5312754432f200fd859dc09d41e8Quest InTrust version 10.4.x suffers from ArDoc.dll active-x control remote file creation / overwrite vulnerabilities in the ReportTree and SimpleTree classes. Proof of concept code included.
1b249434937ec1c1ec6432094ca9aca11399fda520e83ee44caaf8e3963ed614The D-Link SecuriCam DCS-5605 Network Surveillance DcsCliCtrl.dll active-x control suffers from a buffer overflow vulnerability. Proof of concept code included.
1edd0a6afe6d31147b097c2127b64cc9e88a0013161e4c6fafa7d291d19e8ba8Quest InTrust version 10.4.x with Annotation Objects active-x control ANNOTATEX.DLL suffers from a remote code execution vulnerability. Proof of concept code included.
f434df904932a8864ea9998ff353e34532f5d8a789fcad5b7ac3fbfc4f65fc1bThe TRENDnet SecurView TV-IP121WN wireless internet camera UltraMJCam active-x control suffers from an OpenFileDlg() WideCharToMultiByte remote buffer overflow. Proof of concept code included.
a1448bcd0d8740d3db37283f486bc15f2158a7b7818ccafbfc0569b5d3cb8984Secunia Security Advisory - rgod has discovered a vulnerability in Cisco Linksys PlayerPT ActiveX Control, which can be exploited by malicious people to compromise a user's system.
91fbeb70423639d51561f20fdc0fe7590c4836fc40a9423339c16503d32289daCisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT active-x control (PlayerPT.ocx) suffers from a sprintf buffer overflow vulnerability. Version 1.0.0.15 is affected.
3933dd1431da4c063e62908b6d60cf61accefadfda1561e952bfa4c9d5163a86The Dell Webcam software bundled active-x control CrazyTalk4Native.dll suffers from a remote buffer overflow vulnerability.
4602832995fbcf6a2ccdc7e3b461f2c912eb866acd281ca2f1041eff63882cc02X Client for RDP version 10.1.1204 suffers from a ClientSystem class active-x control download and execute vulnerability that affects TuxClientSystem.dll.
27227020ccb5074c6aa97e3a7d52d21c14c048d281d198b91a577d394154d6b42X Application Server version 10.x suffers from a TuxSystem class active-x control file overwrite involving TuxScripting.dll.
0ec15ada5f97ed20cc44237301fcfa9df7cde6ef19772eacaebffed8822def0eCisco Security Advisory - The Cisco Clientless VPN solution as deployed by Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) uses an ActiveX control on client systems to perform port forwarding operations. Microsoft Windows-based systems that are running Internet Explorer or another browser that supports Microsoft ActiveX technology may be affected if the system has ever connected to a device that is running the Cisco Clientless VPN solution. A remote, unauthenticated attacker who could convince a user to connect to a malicious web page could exploit this issue to execute arbitrary code on the affected machine with the privileges of the web browser. The affected ActiveX control is distributed to endpoint systems by Cisco ASA. However, the impact of successful exploitation of this vulnerability is to the endpoint system only and does not compromise Cisco ASA devices. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
d5eb4f15929e22adebee6cabc4901b0a19fd375282c7f4226edd361bb721237fSecunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in 2X Client TuxClientSystem ActiveX Control, which can be exploited by malicious people to compromise a user's system.
4fa63ca9d45fc7953b499401384ec69826335b002c828d9cd598d2a4aade9e03This Metasploit module exploits a vulnerability found in ASUS Net4Switch's ipswcom.dll ActiveX control. A buffer overflow condition is possible in multiple places all because of the poor use of the CxDbgPrint() function, which allows remote attackers to gain arbitrary code execution under the context of the user.
5a0d5660197cc09bd3b197a510a2691b26d23e0b9efcd8f318ca25b4b430ea47Secunia Security Advisory - Digital Security Research Group has discovered a vulnerability in Net4Switch ipswcom ActiveX Control, which can be exploited by malicious people to compromise a user's system.
13b61148844a5c6b2ef31b25572a989d74256dcbc23e44a5e90f9f77a38c9810Zero Day Initiative Advisory 12-027 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SaveDoc function exposed by the VsVIEW6.ocx ActiveX control. The SaveDoc function causes a file to be created at an arbitrary path specified by the first argument (FileName). The file contents can be controlled by first setting the 'Text' member of the object. These behaviors can be exploited by a remote attacker to execute arbitrary code on the target system.
18a904ce62adf630cb8f08055cd0c8789ee111f72763c2cbf5bde4315c6c054aZero Day Initiative Advisory 12-026 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Render() method exposed by the ExportHTML.dll ActiveX control. This method causes a file to be written to an arbitrary path specified by the second argument (Output). The contents of the file can be controlled by manipulating the object members 'CssLocation', 'LayoutStyle' and 'EmbedCss'. The CssLocation member can be directed to a UNC path containing a file to be included in the file generated by the call to Render(). These behaviors can be exploited by an attacker to execute arbitrary code on the target system.
5faff96d7b772db4987ba0423e5a6873f87e25fb7f156aa3410fe6e26a0817ceEdraw Diagram Component 5 active-x buffer overflow proof of concept denial of service exploit.
428ea6a0fb5b774ad26363a005e9f41084184866a058959a2cbd7e8fec064e19Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in 2X ApplicationServer TuxSystem ActiveX Control, which can be exploited by malicious people to manipulate certain data.
2ab0d932da86c475d4acc8a45fe1deeddb2a2401320ad2435c2f50b5398124afThis Metasploit module exploits a vulnerability in Icona SpA C6 Messenger version 1.0.0.1. The vulnerability is in the Downloader ActiveX Control (DownloaderActiveX.ocx). The insecure control can be abused to download and execute arbitrary files in the context of the currently logged-on user.
5ff82482c6d0cc8cb96eb23172d540f4d5ded54210dbc21fe3ea60715403632aSecunia Security Advisory - Parvez Anwar has discovered a vulnerability in LuraWave JP2 ActiveX Control, which can be exploited by malicious people to compromise a user's system.
97c4a4a8465124518f4577273160052b5ee3c38688752e5ff9baff38006bbbac
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed