CVE-2021-47719
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-10
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| commax | webviewer | 2.1.4.5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or access violation errors related to the COMMAX WebViewer ActiveX Control (Commax_WebViewer.ocx), especially access violation code c0000005 with memory addresses containing repeated patterns like 0x41414141 (ASCII 'AAAA'). Detection can involve running the vulnerable ActiveX control in a controlled environment and inputting excessively long string arrays (e.g., 1000 'A' characters) to trigger the buffer overflow and observe if an access violation occurs. Specific commands are not provided, but debugging tools that capture exception codes and memory dumps during ActiveX control execution can be used to detect the issue. [2, 3]
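One way to run the crash monitoring described above on a Windows host, as an added example that is not part of the original page or any vendor tooling: it searches the Application log for Application Error records (Event ID 1000) where the faulting module is Commax_WebViewer.ocx and the exception code is c0000005, and marks fault offsets made of one repeated byte such as 41414141. The 30-day window and the EventData field positions are assumptions noted in the comments.

```powershell
# Added example: find Application Error (Event ID 1000) crash records that
# involve Commax_WebViewer.ocx with exception code c0000005.
# Assumption: Event 1000 EventData order on Windows Vista and later is
#   [0] application name, [3] faulting module name, [6] exception code,
#   [7] fault offset, [11] faulting module path.
$ModuleName = 'Commax_WebViewer.ocx'   # file name taken from the text above
$Since      = (Get-Date).AddDays(-30)  # assumed look-back window, adjust as needed

function Test-RepeatedByteOffset {
    param([string]$Offset)
    # True for offsets such as 41414141, also when zero-padded to 64 bits.
    $o = $Offset.TrimStart('0')
    return ($o.Length -gt 0) -and ($o.PadLeft(8, '0') -match '^([0-9a-f]{2})\1{3}$')
}

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = $Since
}

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object {
        $p = $_.Properties
        $p.Count -ge 12 -and
        $p[6].Value -match '^(0x)?c0000005$' -and
        ($p[3].Value -like "*$ModuleName*" -or $p[11].Value -like "*$ModuleName*")
    } |
    ForEach-Object {
        $p = $_.Properties
        [pscustomobject]@{
            TimeCreated    = $_.TimeCreated
            Computer       = $_.MachineName
            Application    = $p[0].Value
            Module         = $p[3].Value
            ExceptionCode  = $p[6].Value
            FaultOffset    = $p[7].Value
            RepeatedOffset = Test-RepeatedByteOffset ([string]$p[7].Value)
            ModulePath     = $p[11].Value
        }
    } |
    Sort-Object TimeCreated -Descending |
    Format-Table -AutoSize
```

Any row returned shows a host where the control is installed and has crashed with an access violation, which makes it a priority for the mitigation steps below.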
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in the COMMAX WebViewer ActiveX Control version 2.1.4.5. It occurs because the software does not properly handle excessively long string arrays passed through multiple functions, leading to boundary errors in the Commax_WebViewer.ocx file. This can allow attackers to execute arbitrary code on the affected system.
How can this vulnerability impact me?
An attacker exploiting this vulnerability can execute arbitrary code on your system, potentially gaining control over it. This could lead to unauthorized actions such as installing malware, stealing data, or disrupting system operations.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting the use of the COMMAX WebViewer ActiveX Control version 2.1.4.5, especially in Internet Explorer where it is used. Avoid loading or interacting with the vulnerable ActiveX control until a patch or updated version is provided by the vendor. Additionally, monitoring and blocking suspicious inputs that involve excessively long string arrays to the control can help reduce risk. Since no official patch information is provided, limiting exposure by disabling the ActiveX control or using alternative software is recommended. [2, 3]