The specific flaw exists within the AnnotateX dll ActiveX control included with the software. An attacker can use an unvalidated object parameter in the Insert() function to execute arbitrary code in the context of the browser.
CVE Link
Exploit Type - Old
Exploits/Client Side
Exploit Platform
Exploit Type
Product Name