CVE-2012-0267

Name of the Vulnerable Software and Affected Versions NTR ActiveX control versions prior to 2.0.4.8

Description The issue allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer. This occurs in the StopModule method.

Recommendations For versions prior to 2.0.4.8, update to version 2.0.4.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the StopModule method until a patch is applied. Avoid using the lModule parameter in the affected method until the issue is resolved.