Description

A stack-based buffer overflow vulnerability exists in Synactis PDF In-The-Box ActiveX control (PDF_IN_1.ocx), specifically the ConnectToSynactis method. When a long string is passed to this method—intended to populate the ldCmdLine argument of a WinExec call—a strcpy operation overwrites a saved TRegistry class pointer on the stack. This allows remote attackers to execute arbitrary code in the context of the user by enticing them to visit a malicious webpage that instantiates the vulnerable ActiveX control. The vulnerability was discovered via its use in third-party software such as Logic Print 2013.

INFO

Published Date :

2025-08-01T20:48:30.424Z

Last Modified :

2025-08-01T20:48:30.424Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2013-10057 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2013-10057.

URL Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/synactis_connecttosynactis_bof.rb cve-icon cve-icon
https://www.exploit-db.com/exploits/25835 cve-icon cve-icon
https://www.fortiguard.com/encyclopedia/ips/35840/synactis-pdf-in-the-box-connecttosynactic-buffer-overflow cve-icon cve-icon
https://www.synactis.com/pdf-in-the-box.htm cve-icon cve-icon
https://www.vulncheck.com/advisories/synactis-pdf-in-the-box-connectosynactic-stack-based-buffer-overflow cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability