
CVE-2018-19448
https://notcve.org/view.php?id=CVE-2018-19448
17 Jun 2019 — In Foxit Reader SDK (ActiveX) Professional 5.4.0.1031, an uninitialized object in IReader_ContentProvider::GetDocEventHandler occurs when embedding the control into Office documents. By opening a specially crafted document, an attacker can trigger an out of bounds write condition, possibly leveraging this to gain remote code execution. • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-787: Out-of-bounds Write

CVE-2018-19449
https://notcve.org/view.php?id=CVE-2018-19449
17 Jun 2019 — A File Write can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API Doc.exportAsFDF is used. An attacker can leverage this to gain remote code execution. • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-787: Out-of-bounds Write

CVE-2018-19450
https://notcve.org/view.php?id=CVE-2018-19450
17 Jun 2019 — A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) 5.4.0.1031 when parsing a launch action. An attacker can leverage this to gain remote code execution. • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2018-19451
https://notcve.org/view.php?id=CVE-2018-19451
07 Jun 2019 — A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when using the Open File action on a Field. An attacker can leverage this to gain remote code execution. • http://www.securityfocus.com/bid/108692 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2018-19452
https://notcve.org/view.php?id=CVE-2018-19452
07 Jun 2019 — A use after free in the TextBox field Mouse Enter action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19444, this has a different free location and requires different JavaScript code for exploitation. • http://www.securityfocus.com/bid/108692 • CWE-416: Use After Free

CVE-2009-3737
https://notcve.org/view.php?id=CVE-2009-3737
17 Aug 2010 — The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document. • http://secunia.com/advisories/40804 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2008-4387
https://notcve.org/view.php?id=CVE-2008-4387
10 Nov 2008 — Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer. • http://osvdb.org/49721 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2008-4922 – DjVu - 'DjVu_ActiveX_MSOffice.dll' ActiveX Component Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-4922
04 Nov 2008 — Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office (DjVu_ActiveX_MSOffice.dll) allows remote attackers to execute arbitrary code via a long (1) ImageURL property, and possibly the (2) Mode, (3) Page, or (4) Zoom properties. • https://www.exploit-db.com/exploits/16638 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2008-2463 – Microsoft Access - 'Snapview.ocx 10.0.5529.0' ActiveX Remote File Download
https://notcve.org/view.php?id=CVE-2008-2463
07 Jul 2008 — The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder. • https://www.exploit-db.com/exploits/6124 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2008-0078
https://notcve.org/view.php?id=CVE-2008-0078
12 Feb 2008 — Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability." • http://marc.info/?l=bugtraq&m=120361015026386&w=2 • CWE-94: Improper Control of Generation of Code ('Code Injection')