The specific flaw exists within the PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 control. The SaveCurrentImageEx method copies an attacker provided filename into a fixed size buffer. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.

3D Life Player suffers from an ActiveX stack overflow. The exploit is triggered when the SRC property processes a long string argument resulting in a stack-based buffer overflow. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 or 7) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.

010 Editor is prone to a vulnerability that may allow the execution of any library file named wintab32.dll, if this dll is located in the same folder than a .HEX file. The attacker must entice a victim into opening a specially crafted .HEX file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.