Multiple stack-based buffer overflows in Invensys Wonderware Information Server 3.1, 4.0, and 4.0 SP1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via two unspecified ActiveX controls.
https://exchange.xforce.ibmcloud.com/vulnerabilities/68988
http://www.us-cert.gov/control_systems/pdf/ICSA-11-195-01.pdf