CVE-2017-20211
Our Analysis: General-Purpose
Our model has classified this vulnerability as relevant to General-Purpose Systems, helping your team prioritize efforts effectively.
Published Date
November 12, 2025
Last Modified
November 14, 2025
CVSS Vector
Not Available
Description
UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability via the TKDRAWCAD.TKDrawCADCtrl.1 ActiveX control. This is because it exposes a RotateShape method that dereferences a user-supplied pointer without sufficient validation. A crafted input may cause the control to dereference an attacker-controlled pointer, enabling remote code execution in the context of the hosting process. The vulnerability requires user interaction (instantiation of the ActiveX control via a web page or a file).