A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and previous versions in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote malicious users to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft visual studio 6.0.0.9782 |
||
microsoft visual studio 6.0 |