A buffer overflow vulnerability found in the AutoVue.ocx ActiveX control due in strcpy function in the SetMarkupMode method, when handling a specially crafted sMarkup argument. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 and 7 without JAVA, and Internet Explorer 8 with JAVA 6 in Windows XP, and Internet Explorer 8 and 9 in Windows VISTA/SEVEN with Java 6 installed) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
CVE Link
Exploit Platform
Exploit Type
Product Name