InPage is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.
Information
Exploit
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
References:
- Exploit:O97M/CVE-2017-12824 (Microsoft)
- Product Download Page (inpage)
- InPage zero-day exploit used to attack financial institutions in Asia (securelist)