A stack-based buffer overflow vulnerability exists in the Synactis PDF In-The-Box ActiveX control (PDF_IN_1.ocx), specifically in the ConnectToSynactis method. When a long string is passed to this method, which is intended to populate the lpCmdLine argument of a WinExec call, a strcpy operation overwrites a saved TRegistry class pointer on the stack. This allows remote attackers to execute arbitrary code in the context of the user by enticing them to visit a malicious webpage that instantiates the vulnerable ActiveX control. The vulnerability was discovered via its use in third-party software such as Logic Print 2013.
Reserved 2025-08-01 | Published 2025-08-01 | Updated 2025-08-01 | Assigner VulnCheck
CWE-121 Stack-based Buffer Overflow
CWE-94 Improper Control of Generation of Code ('Code Injection')
h1ch4m
raw.githubusercontent.com/...nactis_connecttosynactis_bof.rb
www.exploit-db.com/exploits/25835
www.fortiguard.com/...-box-connecttosynactic-buffer-overflow
www.synactis.com/pdf-in-the-box.htm
www.vulncheck.com/...ctosynactic-stack-based-buffer-overflow