The specific flaw exists within the lrFileIOService ActiveX control. The control exposes the WriteFileBinary method which accepts a parameter named data that it uses as a valid pointer. By specifying invalid values an attacker can force the application to jump to a controlled location in memory. This can be exploited to execute remote code under the context of the user running the web browser.
Monday, August 12, 2013 - 00:00