The vulnerability is caused due to a boundary error in the CNC_Ctrl.dll ActiveX control when handling the BackupToAvi() method.

The flaw exists within the sccfut.dll component which is used by

multiple vendors. The process copies the target of a crafted tag to a local stack buffer.

This module exploits a vulnerability in McAfee Virtual Technician MVTControl, which can be abused by using the GetObject() function to load unsafe classes, therefore allowing remote code execution under the context of the user.

This module allows remote attackers to place arbitrary files on a users file system by abusing the "saveXML" method from the "XMLSimpleAccessor" class in the HP Easy Printer HPTicketMgr.dll ActiveX Control (HPTicketMgr.dll 2.7.2.0). Code execution can be achieved by first uploading the payload to the remote machine embedding a vbs file, and then upload another mof file, which enables Windows Management Instrumentation service to execute the vbs.

A buffer overflow vulnerability exists in ispVM when processing crafted .XCF files can be exploited via an overly long version value within the ispXCF tag.

A boundary error exists in the WebPlayer ActiveX control when processing the "SRC" property with an overly long string.

The vulnerability is caused due to a boundary error when processing the tags within .PAC files. This can be exploited to cause a stack-based buffer overflow via an overly long string.

This module exploits a buffer overflow vulnerability in the NSEPA.NsepaCtrl.1 ActiveX control in Nsepa.ocx in Citrix Access Gateway Enterprise Edition. When the control processes a crafted HTTP header data, a stack based buffer overflow occurs allowing execution of arbitrary code.

IBM Rational ClearQuest ActiveX control Cqole.dll is vulnerable to a buffer overflow, caused by a function prototype mismatch in the RegisterSchemaRepoFromFileByDbSet() function.

The CrazyTalk4Native.dll bundled with Dell Webcam Central is prone to a buffer overflow which is exploited by this module.