Siemens SIMATIC WinCC SCADA RegReader ActiveX Buffer Overflow Exploit

Siemens WinCC contains an overflow condition in the RegReader ActiveX control. The issue is triggered because user-supplied input is not properly validated during the handling of a malformed website that calls this ActiveX control. This may allow a context-dependent attacker to cause a buffer overflow, allowing the execution of arbitrary code. This module runs a web server that waits for vulnerable clients (Internet Explorer 6 and 7) on Windows XP to connect to it. When a client connects, the module tries to install an agent by exploiting this vulnerability.
Exploit Platform
Exploit Type
Product Name