This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 12.0.0.43. By supplying a specially crafted swf file it is possible to trigger an integer underflow in several avm2 instructions, which can be turned into remote code execution under the context of the user, as exploited in the wild in February 2014. This Metasploit module has been tested successfully with Adobe Flash Player 11.7.700.202 on Windows XP SP3, Windows 7 SP1 and Adobe Flash Player 11.3.372.94 on Windows 8 even when it includes rop chains for several Flash 11 versions, as exploited in the wild.

AoA DVD Creator version 2.6.2 suffers from an overflow vulnerability.

AoA Audio Extractor Basic version 2.3.7 suffers from an overflow vulnerability.

AoA MP4 Converter version 4.1.2 suffers from an overflow vulnerability.

This Metasploit module exploits a buffer overflow vulnerability in Advantec WebAccess. The vulnerability exists in the dvs.ocx ActiveX control, where a dangerous call to sprintf can be reached with user controlled data through the GetColor function. This Metasploit module has been tested successfully on Windows XP SP3 with IE6 and Windows 7 SP1 with IE8 and IE 9.

Core Security Technologies Advisory - Advantech WebAccess version 7.2 is vulnerable to a stack-based buffer overflow attack, which can be exploited by remote attackers to execute arbitrary code, by providing a malicious html file with specific parameters for an ActiveX component.

The TRENDnet UltraCam ActiveX Control UltraCamX.ocx suffers from a stack buffer overflow vulnerability when parsing large amount of bytes to several functions in UltraCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code. Versions TV-IP422WN and TV-IP422W are affected.

The UltraHVCam ActiveX Control 'UltraHVCamX.ocx' suffers from a stack buffer overflow vulnerability when parsing large amount of bytes to several functions in UltraHVCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code. Versions affected include PT Type ICS2330, Cube Type ICS2030, and Dome Type ICS7522.

The UltraSVCam ActiveX Control 'UltraSVCamX.ocx' suffers from a stack buffer overflow vulnerability when parsing large amount of bytes to several functions in UltraSVCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code. Versions affected include Bullet Type ICL5132 and Bullet Type ICL5452.

This Metasploit module exploits a buffer overflow in the VideoPlayer.ocx ActiveX installed with the X360 Software. By setting an overly long value to 'ConvertFile()',an attacker can overrun a .data buffer to bypass ASLR/DEP and finally execute arbitrary code.

1 Click Extract Audio version 2.3.6 suffers from an active-x buffer overflow vulnerability.

1 Click Audio Converter version 2.3.6 suffers from an active-x buffer overflow vulnerability.

Micro Focus Rumba versions 9.3 and below suffer from an active-x stack buffer overflow vulnerability.

Avaya IP Office (IPO) versions 9.1.0 through 10.1 suffer from an active-x buffer overflow vulnerability.

BarcodeWiz ActiveX Control versions prior to 6.7 suffers from a buffer overflow vulnerability.

scrrun.dll on Microsoft Windows 10 suffers from file creation, folder creation, and folder deletion vulnerabilities.

G DATA TOTAL SECURITY version 25.4.0.3 suffers from an active-x buffer overflow vulnerability.

DiskBoss version 7.7.14 Input Directory local buffer overflow proof of concept exploit.

CloudMe version 1.11.2 buffer overflow proof of concept exploit. Original vulnerability discovered by hyp3rlinx.