CVE-2017-20211

Published: Nov 12, 2025

Modified: Nov 13, 2025

PUBLISHED

Description

UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability in the TKDRAWCAD.TKDrawCADCtrl.1 ActiveX control. The control exposes a RotateShape method that dereferences a user-supplied pointer without sufficient validation. A crafted input may cause the control to dereference an attacker-controlled pointer, enabling remote code execution in the context of the hosting process. Exploitation requires user interaction: the ActiveX control must be instantiated via a web page or a file.

Vendor: UCanCode.Net Software

Product: E-XD++ Visualization Enterprise Suite

Versions: affected 0

Weaknesses (CWE)
