Kee Hong

**Name of the Vulnerable Software and Affected Versions** KSign KSignSWAT ActiveX Control version 2.0.3.3 **Description** The issue is related to multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX Control. This can be exploited by remote attackers to execute arbitrary code via long arguments to certain functions, including (1) `SWAT Init()`, (2) `SWAT InitEx()`, (3) `SWAT InitEx2()`, (4) `SWAT InitEx3()`, and (5) `SWAT Login()`. **Recommendations** For version 2.0.3.3, as a temporary workaround, consider disabling the `SWAT Init()`, `SWAT InitEx()`, `SWAT InitEx2()`, `SWAT InitEx3()`, and `SWAT Login()` functions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.