The ElonFmt ActiveX Control Module suffers from a buffer overflow vulnerability. When a large buffer is sent to the pid item of the GetItem1 function in elonfmt.ocx module, we get a few memory registers overwritten including the SEH. We’re dealing with a character translation. An attacker can gain access to the system on the affected node and execute arbitrary code.
Read on: http://zeroscience.mk/blog/04/2011/gesytec-elonfmt-activex-1-1-14-elonfmt-ocx-pid-item-buffer-overflow-seh/