This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: Stack Buffer Overflow in Hyleos ChemView ActiveX. **Consequences**: Remote attackers can execute arbitrary code via malformed file declarations with extra whitespace.
Q2 Root Cause? (CWE/Flaw)
**Root Cause**: Stack-based buffer overflow. **Flaw**: Improper handling of multiple blank characters in `SaveasMolFile` and `ReadMolFile` declarations.
Q3 Who is affected? (Versions/Components)
**Affected**: Hyleos ChemView. **Version**: Specifically v1.9.5.1. **Component**: The ActiveX control embedded in browsers.
Q4 What can hackers do? (Privileges/Data)
**Privileges**: Arbitrary Code Execution. **Data**: Full system compromise possible. The attacker gains the same rights as the user running the browser.
Q5 Is exploitation threshold high? (Auth/Config)
**Threshold**: Low. **Auth**: None required. It is a **Remote** vulnerability. Victims just need to visit a malicious page or open a crafted file.
Q6 Is there a public Exp? (PoC/Wild Exploitation)
**Public Exp?**: YES. **Sources**: Exploit-DB (ID 11422) and Packet Storm Security have public PoCs. Wild exploitation is feasible.
Q7 How to self-check? (Features/Scanning)
**Self-Check**: Scan for Hyleos ChemView ActiveX control. **Indicator**: Look for version 1.9.5.1 in browser plugins or installed software lists.
**No Patch?**: Disable ActiveX controls. **Mitigation**: Block the specific ActiveX class ID or use a browser with strict ActiveX restrictions.
Q10 Is it urgent? (Priority Suggestion)
**Urgency**: HIGH. **Priority**: Critical. Remote Code Execution (RCE) with public exploits means immediate patching or isolation is required.