Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Synactis PDF In-The-Box ConnectToSynactic Stack-Based Buffer Overflow
Vulnerability Description
A stack-based buffer overflow vulnerability exists in Synactis PDF In-The-Box ActiveX control (PDF_IN_1.ocx), specifically the ConnectToSynactis method. When a long string is passed to this method—intended to populate the ldCmdLine argument of a WinExec call—a strcpy operation overwrites a saved TRegistry class pointer on the stack. This allows remote attackers to execute arbitrary code in the context of the user by enticing them to visit a malicious webpage that instantiates the vulnerable ActiveX control. The vulnerability was discovered via its use in third-party software such as Logic Print 2013.
CVSS Information
N/A
Vulnerability Type
栈缓冲区溢出
Vulnerability Title
Synactis PDF In-The-Box 安全漏洞
Vulnerability Description
Synactis PDF In-The-Box是法国Synactis公司的一个PDF的生成与操作组件。 Synactis PDF In-The-Box存在安全漏洞,该漏洞源于ConnectToSynactis方法存在缓冲区溢出,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A