Detailed Description
Multiple vulnerabilities has been discovered in Ultra Office Control, which can be exploited by malicious people to compromise a user's system.
1) A boundary error exists in the Ultra.OfficeControl ActiveX control (OfficeCtrl.ocx) when handling parameters received by the "HttpUpload()" method. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into visiting a malicious website.
2) The "Save()" method provided by the Ultra.OfficeControl ActiveX control (OfficeCtrl.ocx) allows attackers to overwrite arbitrary files on a user's system by e.g. tricking a user into visiting a malicious website.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
The vulnerabilities are reported in version 2.0.2008.501. Other versions may also be affected.