216.73.217.86

CVE-2013-10057

· Published 01/08/2025 21:15 · Modified 01/08/2025 21:15

Labels: CVE-2013-10057 2025-08-01CVE-2013-10057CWE-94[email protected]

Essential information

Published
01/08/2025 21:15
Modified
01/08/2025 21:15
Author
Creator
CVSS
7.5 HIGH (v3) 7.5 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A stack-based buffer overflow vulnerability exists in Synactis PDF In-The-Box ActiveX control (PDF_IN_1.ocx), specifically the ConnectToSynactis method. When a long string is passed to this method—intended to populate the ldCmdLine argument of a WinExec call—a strcpy operation overwrites a saved TRegistry class pointer on the stack. This allows remote attackers to execute arbitrary code in the context of the user by enticing them to visit a malicious webpage that instantiates the vulnerable ActiveX control. The vulnerability was discovered via its use in third-party software such as Logic Print 2013.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
synactis / pdf in-the-box cpe:2.3:a:synactis:pdf_in-the-box:*:*:*:*:*:*:*:*

References