PT-2025-50235 · Commax · Cnc Ctrl.Dll+1
Published: 2025-12-09 · Updated: 2025-12-10
CVE-2021-47705
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
COMMAX UMS Client ActiveX Control version 1.7.0.2
Description
The COMMAX UMS Client ActiveX Control contains a heap-based buffer overflow issue. An attacker can execute arbitrary code by supplying overly long string arrays through multiple functions. Improper boundary validation within the CNC Ctrl.dll library can lead to heap corruption and potential system-level access.
Recommendations
Update COMMAX UMS Client ActiveX Control to a newer version that addresses this vulnerability. As a temporary workaround, consider restricting access to the vulnerable component CNC Ctrl.dll to minimize the risk of exploitation.
Exploit
Fix
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Cnc Ctrl.Dll
Commax Ums Client Activex Control