3D Life Player suffers from an ActiveX stack overflow. The exploit is triggered when the SRC property processes a long string argument resulting in a stack-based buffer overflow. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 or 7) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.

010 Editor is prone to a vulnerability that may allow the execution of any library file named wintab32.dll, if this dll is located in the same folder than a .HEX file. The attacker must entice a victim into opening a specially crafted .HEX file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.