Back to search
CVE-2021-47705
Published: Dec 9, 2025
Modified: Apr 7, 2026
PUBLISHED
Description
COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit improper boundary validation in CNC_Ctrl.dll to cause heap corruption and potentially gain system-level access.
| Vendor | Product | Versions |
|---|---|---|
COMMAX Co., Ltd. | COMMAX UMS Client ActiveX Control | affected 1.7.0.2 |
Weaknesses (CWE)
References
ExploitDB-50232
exploit
Zero Science Lab Disclosure (ZSL-2021-5664)
third-party-advisory
Reference
technical-description
VulnCheck Advisory: CNC_Ctrl DllUnregisterServer Access Violation
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now