Untrusted Pointer Dereference in UCanCode E-XD++ Visualization Enterprise Suite
CVE-2017-20211

8.6 HIGH

What is CVE-2017-20211?

UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability in the TKDRAWCAD.TKDrawCADCtrl.1 ActiveX control. The RotateShape method dereferences a user-controlled pointer without validating it first. An attacker who supplies crafted input can therefore control which pointer is dereferenced, potentially leading to remote code execution in the host process. User interaction is required to trigger this vulnerability: the ActiveX control must be instantiated, for example from a web page or a file.

Affected Version(s)

E-XD++ Visualization Enterprise Suite 0

References

CVSS V4

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

rgod
Zero Day Initiative (ZDI)