PT-2012-2448 · Ntr · Ntr Activex Control
Carsten Eiram · Published 2012-01-15 · Updated 2017-08-29 · CVE-2012-0266
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
NTR ActiveX control versions prior to 2.0.4.8
Description
The issue allows remote attackers to execute arbitrary code due to multiple stack-based buffer overflows. These can be triggered in several ways: a long bstrUrl parameter to the StartModule method, a long bstrParams parameter to the Check method, or a long bstrUrl parameter to the Download or DownloadModule method during the construction of a .ntr pathname or a URL.
Recommendations
For versions prior to 2.0.4.8, update to version 2.0.4.8 or later to resolve the issue. As a temporary workaround, consider restricting the length of the bstrUrl and bstrParams parameters to prevent buffer overflows. Additionally, restrict access to the StartModule, Check, Download, and DownloadModule methods to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Ntr Activex Control