Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus before 2.8 allow remote attackers to insert assembly-code lines via vectors involving a regkey (1) set or (2) get command.
https://ics-cert.us-cert.gov/advisories/ICSA-15-097-01
http://www.zerodayinitiative.com/advisories/ZDI-15-392