I discovered a buffer overflow in Persist Software XUpload package while researching ActiveX exploitation.
XUpload is prone to a buffer overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
An exploit is in the wild. See the SecurityFocus advisory for more details.