CVE-2017-20211

Description

UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability via the TKDRAWCAD.TKDrawCADCtrl.1 ActiveX control. This is because it exposes a RotateShape method that dereferences a user-supplied pointer without sufficient validation. A crafted input may cause the control to dereference an attacker-controlled pointer, enabling remote code execution in the context of the hosting process. The vulnerability requires user interaction (instantiation of the ActiveX control via a web page or a file).

Weakness Type (CWE)

CWE-823 CWE-823

References

Other References

https://www.ucancode.net/ https://www.vulncheck.com/advisories/ucancode-e-xd-visualization-enterprise-suite-untrusted-pointer-dereference-rce https://www.zerodayinitiative.com/advisories/ZDI-17-422/

Frequently Asked Questions

What is CVE-2017-20211? +

UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability via the TKDRAWCAD.TKDrawCADCtrl.1 ActiveX control. This is because it exposes a RotateShape method that dereferences a user-supplied pointer without sufficient validation. A crafted input may cause the control to dereference an attacker-controlled pointer, enabling remote code execution in the context of the hosting process. The vulnerability requires user interaction (instantiation of the ActiveX control via a web page or a file).

How do I check if I'm vulnerable to CVE-2017-20211? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-46806

A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures.This issue affects sslh …

CVE-2023-43553 9.8

Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.

CVE-2017-11076 9.8

On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware …

CVE-2024-42416 8.8

The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount …

CVE-2025-27059 8.8

Memory corruption while performing SCM call.

CVE-2023-43534 8.6

Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point.