This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Unitronics UniDownloader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing of the SSLCertHandle property of the IPWorksSSL.HTTPS ActiveX control. A crafted value can cause system software to treat arbitrary memory as a certificate structure which is then modified. An attacker can leverage this to attain remote code execution under the context of the user.