Dmitry Pletnev

Researcher at Secunia Research
#22528 of 53,638
10 total CVSS
Vulnerabilities · 1
PT-2011-2281
10
2011-09-02
Indusoft · Indusoft Web Studio · CVE-2011-0342
**Name of the Vulnerable Software and Affected Versions**

InduSoft Web Studio version 7.0B2 hotfix 7.0.01.04

**Description**

The issue concerns multiple buffer overflows in the InduSoft ISSymbol ActiveX control. These overflows can be triggered by passing a long parameter to specific methods, allowing remote attackers to execute arbitrary code. The affected methods include the `Open()`, `Close()`, and `SetCurrentLanguage()` functions.

**Recommendations**

For InduSoft Web Studio version 7.0B2 hotfix 7.0.01.04, consider disabling the ISSymbol ActiveX control until a patch is available to prevent exploitation through the `Open()`, `Close()`, and `SetCurrentLanguage()` methods. Restrict access to these methods to minimize the risk of arbitrary code execution.