CVE-2018-5197

Name of the Vulnerable Software and Affected Versions: Xplatform ActiveX versions 9.2 through 9.2.2

Description: A command injection attack is possible due to insufficient input validation of command parameters in the ExtCommon.dll user extension module. An attacker could craft malicious parameters to execute arbitrary commands.

Recommendations: For versions 9.2 through 9.2.2, consider restricting input to prevent malicious command parameters until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.