PT-2014-2601 · Myheritage · Myheritage Sequeryobject Activex Control

Published 2014-06-06 · Updated 2014-06-09 · CVE-2013-2602

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

MyHeritage SEQueryObject ActiveX control version 1.0.2.0

Description

The issue arises from multiple array index errors in the MyHeritage SEQueryObject ActiveX control, which allow remote attackers to execute arbitrary code. The errors are reachable through parameters of several methods: seTokensArray and seTokensValuesArray in the AddTokens method; multiple parameters in the AddMultipleSearches method, such as seFrameIdArray, seSourceIdArray, and others; and parameters like seSourceIdArray and seIsIndexedArray in the TestYourself method.

Recommendations

For MyHeritage SEQueryObject ActiveX control version 1.0.2.0, consider disabling the AddTokens, AddMultipleSearches, and TestYourself methods until a patch is available to prevent exploitation. Restrict access to the vulnerable SearchEngineQuery.dll to minimize the risk of arbitrary code execution. Avoid using the vulnerable parameters such as seTokensArray, seTokensValuesArray, seFrameIdArray, seSourceIdArray, and others in the affected methods until the issue is resolved.
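To find hosts where the affected control is still registered, the following read-only PowerShell audit is an added example, not vendor or advisory code. It assumes the control is registered machine-wide as an in-process COM server, discovers its CLSID from the registry rather than hard-coding one, and reports the Internet Explorer kill bit (Compatibility Flags 0x400), a standard way to block an ActiveX control that this advisory does not itself name.

```powershell
# Added example: read-only audit, changes nothing on the host.
$dllName = 'SearchEngineQuery.dll'   # file name from the advisory
$badVer  = [version]'1.0.2.0'        # affected version from the advisory
$killBit = 0x400                     # IE "Compatibility Flags" kill-bit value

# Native and 32-bit (WOW64) registry views; per-user (HKCU) registrations are not covered.
$views = @(
    @{ Clsid  = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Clsid  = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

$findings = foreach ($v in $views) {
    if (-not (Test-Path $v.Clsid)) { continue }
    foreach ($key in Get-ChildItem -Path $v.Clsid -ErrorAction SilentlyContinue) {
        $inproc = $key.OpenSubKey('InprocServer32')
        if ($null -eq $inproc) { continue }
        $raw = [string]$inproc.GetValue('')          # default value = path of the server DLL
        $inproc.Close()
        if (-not $raw) { continue }
        $path = [Environment]::ExpandEnvironmentVariables($raw).Trim('"')
        if ([IO.Path]::GetFileName($path) -ine $dllName) { continue }

        # Build the file version from numeric parts; the string form is not always parseable.
        $ver = $null
        if (Test-Path -LiteralPath $path) {
            $vi  = [Diagnostics.FileVersionInfo]::GetVersionInfo($path)
            $ver = New-Object Version $vi.FileMajorPart, $vi.FileMinorPart,
                                      $vi.FileBuildPart, $vi.FilePrivatePart
        }

        # Kill bit is set when Compatibility Flags for this CLSID contains 0x400.
        $compatKey = Join-Path $v.Compat $key.PSChildName
        $flags = (Get-ItemProperty -LiteralPath $compatKey -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'

        [pscustomobject]@{
            Clsid      = $key.PSChildName
            Path       = $path
            Version    = $ver
            Affected   = ($ver -eq $badVer)
            KillBitSet = [bool](([int]$flags) -band $killBit)
        }
    }
}
$findings | Format-Table -AutoSize
```

Rows with Affected = True and KillBitSet = False are the hosts where the control at the affected version can still be instantiated by Internet Explorer.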


Related Identifiers

CVE-2013-2602

Affected Products

Myheritage Sequeryobject Activex Control