SolarWinds Application Monitor suffers from an ActiveX heap overflow. The vulnerability is caused due to an error when handling the "PEstrarg1" member within the bundled GigaSoft ProEssentials PieChart ActiveX control (Pesgo32c). This module runs a web server waiting for vulnerable clients (Internet Explorer 6, 7, 8) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.

The specific flaw exists within the factory object's loadExtensionFactory method. The issue lies in a failure to validate the size of an attacker-supplied input before copying it into a fixed-size buffer on the stack. An attacker can leverage this vulnerability to execute code under the context of the current process. This module runs a web server waiting for vulnerable clients (Internet Explorer 6, 7, 8, 9) to connect to it.

SolarWinds Application Monitor suffers from an ActiveX heap overflow. The vulnerability is caused due to an error when handling the "PEstrarg1" member within the bundled GigaSoft ProEssentials PieChart ActiveX control (pepco32c.ocx). This module runs a web server waiting for vulnerable clients (Internet Explorer 6, 7 or 8) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.

This module exploits a buffer overflow vulnerability in the Extras Manager ActiveX Control included in Skype. This bug is currently being exploited in the wild. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 or 7) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.

Sketchup fails to validate the input when parsing an embedded MAC Pict texture, leading to an arbitrary stack offset overwrite and finally to an arbitrary code execution. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.

SiSoftware Sandra is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .SIS file. The attacker must entice a victim into opening a specially crafted .SIS file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.

Silo is prone to a vulnerability that may allow the execution of any library file named wintab32.dll, if this dll is located in the same folder than a .SIB file. The attacker must entice a victim into opening a specially crafted .SIB file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.

Siemens Solid Edge SEListCtrlX ActiveX control is prone to an arbritrary memory write vulnerability because the application fails to perform adequate boundary checks on user-supplied data. This module runs a web server waiting for vulnerable clients (Internet Explorer 7) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.

Siemens WinCC contains an overflow condition in the RegReader ActiveX control. The issue is triggered as user-supplied input is not properly validated during the handling of a malformed website that calls the aforementioned ActiveX control. This may allow a context-dependent attacker to cause a buffer overflow and allowing the execution of arbitrary code. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 and 7 ) in Windows XP to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.

Shadow Stream Recorder is prone to a remote stack-based buffer-overflow vulnerability because the applications fail to perform adequate boundary checks on user-supplied input. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.