CVE-2009-1606

Name of the Vulnerable Software and Affected Versions: DafoloControl ActiveX control version 1.108.6.195

Description: The issue concerns multiple stack-based and heap-based buffer overflows in the DafoloControl ActiveX control. Remote attackers can execute arbitrary code via long values in certain properties, including baseurl, kommune, felter, afdeling, Flags, HelpURL, caburl, or filename, or by passing a long argument to the Open method.

Recommendations: For version 1.108.6.195, consider disabling the DafoloControl ActiveX control until a patch is available to prevent exploitation. Restrict access to the properties baseurl, kommune, felter, afdeling, Flags, HelpURL, caburl, and filename to minimize the risk of arbitrary code execution. Avoid using the Open method with long arguments until the issue is resolved.