The specific flaw exists within the factory object's loadExtensionFactory method. The issue lies in a failure to validate the size of an attacker-supplied input before copying it into a fixed-size buffer on the stack. An attacker can leverage this vulnerability to execute code under the context of the current process. This module runs a web server waiting for vulnerable clients (Internet Explorer 6, 7, 8, 9) to connect to it.
CVE Link
Exploit Platform
Exploit Type
Product Name