EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin of calls to ActiveX functions, which allows remote attackers to read arbitrary files or cause a denial of service via a crafted web site.Referenceshttp://www.securityfocus.com/archive/1/519010/100/0/threadedhttp://securityreason.com/securityalert/8319
