The specific flaw exists within processing of the AddStringUserProperty method within the UCCDRAW.UCCDrawCtrl.1 ActiveX control of UCanCode E-XD Visualization Enterprise Suite. The process does not properly validate a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. This module runs a web server waiting for vulnerable clients (Internet Explorer 6, 7, 8) to connect to it.
Exploit Platform
Exploit Type
Product Name