Description
Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method.
Exploits (1)
metasploit
WORKING POC
NORMAL
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/emc_appextender_keyworks.rb
References (8)
Scores
EPSS
0.6484
EPSS Percentile
98.5%
Details
CWE
CWE-119
Status
published
Products (12)
emc/captiva_quickscan_pro
4.6 sp1
emc/documentum_applicationxtender_desktop
5.4
ge/intelligent_platforms_proficy_batch_execution
5.6
ge/intelligent_platforms_proficy_historian
3.1
ge/intelligent_platforms_proficy_historian
3.5
ge/intelligent_platforms_proficy_historian
4.0
ge/intelligent_platforms_proficy_historian
4.5
ge/intelligent_platforms_proficy_hmi\/scada_ifix
5.0
ge/intelligent_platforms_proficy_hmi\/scada_ifix
5.1
ge/intelligent_platforms_proficy_pulse
1.0
... and 2 more
Published
Jul 05, 2012
Tracked Since
Feb 18, 2026