Microsoft · Djvu Activex Control · CVE-2008-4922
**Name of the Vulnerable Software and Affected Versions**
DjVu ActiveX Control version 3.0 for Microsoft Office
**Description**
The issue allows remote attackers to execute arbitrary code via a long `ImageURL` property, and possibly the `Mode`, `Page`, or `Zoom` properties. This is due to a buffer overflow in the DjVu ActiveX Control.
**Recommendations**
For DjVu ActiveX Control version 3.0, consider disabling the control until a patch is available to prevent exploitation. Restrict access to the `ImageURL`, `Mode`, `Page`, and `Zoom` properties to minimize the risk of arbitrary code execution.