Vulnerability CVE-2011-0340


Published: 2011-05-04   Modified: 2012-02-13

Description:
Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.

See advisories in our WLB2 database:
Topic
Author
Date
High
InduSoft Thin Client InternationalOrder Remote Code Execution
Alexander Gavrun
23.08.2012
High
InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution
Alexander Gavrun
29.08.2012
High
InduSoft Web Studio ISSymbol.ocx InternationalSeparator() Heap Overflow
Juan vazque
21.12.2012

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Indusoft
Product: Thin client 
Version: 7.0;
Product: Web studio 
Version: 7.0; 6.1;
Vendor: Advantech
Product: Advantech studio 
Version: 6.1;

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.vupen.com/english/advisories/2011/1116
http://www.vupen.com/english/advisories/2011/1115
http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-02.pdf
http://www.securityfocus.com/bid/47596
http://www.indusoft.com/hotfixes/hotfixes.php
http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm
http://secunia.com/secunia_research/2011-37/
http://secunia.com/secunia_research/2011-36/
http://secunia.com/advisories/43116
http://secunia.com/advisories/42928
http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03

Related CVE
CVE-2019-3975
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message.
CVE-2019-10961
In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution.
CVE-2019-10993
In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code.
CVE-2019-10991
In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
CVE-2019-10989
In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Not...
CVE-2019-10987
In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
CVE-2019-10985
In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as...
CVE-2019-10983
In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information.

Copyright 2019, cxsecurity.com

 

Back to Top