NTR ActiveX Control StopModule() Input Validation
https://packetstormsecurity.com/files/108596/secunia-ntrvalidation.txt
https://packetstormsecurity.com/files/108596/secunia-ntrvalidation.txthttps://packetstormsecurity.com/files/108596/NTR-ActiveX-Control-StopModule-Input-Validation.htmlThu, 12 Jan 2012 03:46:08 GMTSecunia Research has discovered a vulnerability in NTR ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by missing input validation in the handling of the "StopModule()" method and can be exploited via a specially crafted "lModule" parameter to reference an expected module structure at an arbitrary memory address. This can be exploited to dereference an arbitrary value in memory as a function pointer. Successful exploitation allows execution of arbitrary code. NTR ActiveX Control version 1.1.8 is affected.