Stack-Based Buffer Overflow in Synactis PDF In-The-Box
CVE-2013-10057
Key Information:
- Vendor
Synactis
- Status
- Vendor
- CVE Published:
- 1 August 2025
Badges
What is CVE-2013-10057?
A stack-based buffer overflow vulnerability in Synactis PDF In-The-Box ActiveX control occurs in the ConnectToSynactis method. This vulnerability is triggered when an attacker supplies a long string to the method, leading to a stack overwrite that could enable the execution of arbitrary code in the context of the user's environment. This could occur if a compromised webpage instantiates the affected control, allowing attackers to exploit this weakness to perform malicious actions.
Affected Version(s)
PDF In-The-Box *
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved