eCentrex Voice over IP (VoIP) Client software contains a buffer overflow in its ActiveX control that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the user.
The vulnerability exists due to a lack of bounds checking in the ActiveX control. An unauthenticated, remote attacker could exploit this vulnerability through a malicious website. If the attacker can convince a user to visit the page, the attacker could execute arbitrary code with the privileges of the user.
Publicly available proof-of-concept code can allow an attacker to execute arbitrary code on Internet Explorer 6 SP2.
eCentrex has not confirmed this vulnerability, and updates are not available.