The specific flaw exists within processing of the AddStringUserProperty method within the UCCDRAW.UCCDrawCtrl.1 ActiveX control. The process does not properly validate a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.
CVE Link
Exploit Type - Old
Exploits/Client Side
Exploit Platform
Exploit Type
Product Name