The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control allows remote malicious users to overwrite arbitrary files via the SaveToFile function.
db soft lab dewizardx