A heap-based buffer overflow exists in the third-party product Gigasoft, v5 and prior, included in GE Communicator 3.15 and prior. A malicious HTML file that loads the ActiveX controls can trigger the vulnerability via unchecked function calls.Referenceshttps://ics-cert.us-cert.gov/advisories/ICSA-18-275-02http://www.securityfocus.com/bid/99580
