Full title: Advantech WebAccess dvs.ocx GetColor Buffer Overflow Exploit 
Category: remote exploits
Platform: windows
This Metasploit module exploits a buffer overflow vulnerability in Advantec WebAccess. The vulnerability exists in the dvs.ocx ActiveX control, where a dangerous call to sprintf can be reached with user controlled data through the GetColor function. This Metasploit module has been tested successfully on Windows XP SP3 with IE6 and Windows 7 SP1 with IE8 and IE 9.

# 0day.today @ http://0day.today/