CVE-2017-20211
BaseFortify
Publication date: 2025-11-12
Last updated on: 2025-11-12
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ucancode | e-xd++_visualization_enterprise_suite | 4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-823 | The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the UCanCode E-XD++ Visualization Enterprise Suite's ActiveX control TKDRAWCAD.TKDrawCADCtrl.1. It involves an untrusted pointer dereference through the RotateShape method, which dereferences a user-supplied pointer without proper validation. An attacker can craft input that causes the control to dereference a pointer they control, potentially leading to remote code execution within the context of the hosting process. Exploitation requires user interaction, such as instantiating the ActiveX control via a web page or file.
How can this vulnerability impact me?
This vulnerability can allow an attacker to execute arbitrary code remotely on the affected system with the privileges of the hosting process. This could lead to system compromise, data theft, or further attacks within the network. Since it requires user interaction, the attacker might trick a user into opening a malicious web page or file to trigger the exploit.