Advantech WebAccess suffers from an ActiveX buffer overflow. The specific flaw exists within the Connect method in the webeye.ocx module. The control does not check the length of an attacker-supplied string in the Connect method before copying it into a fixed-length buffer on the stack. This allows an attacker to execute arbitrary code in the context of the browser process. This module runs a web server waiting for vulnerable clients (Internet Explorer 6, 7, 8) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.