PT-2011-2279 · Indusoft · Indusoft Web Studio
Published: 2011-05-04 · Updated: 2013-05-21
CVE-2011-0340
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
InduSoft Web Studio versions prior to 7.0+SP1
InduSoft Thin Client version 7.0
Advantech Studio version 6.1 SP6 61.6.01.05
Description
The issue allows remote attackers to execute arbitrary code via a long value in certain properties or method arguments, including InternationalOrder, InternationalSeparator, or LogFileName property values, or a long bstrFileName argument to the OpenScreen method.
Recommendations
For InduSoft Web Studio versions prior to 7.0+SP1, update to version 7.0+SP1 or later.
For InduSoft Thin Client version 7.0, consider disabling the OpenScreen method or restricting access to the ISSymbol ActiveX control until a patch is available.
For Advantech Studio version 6.1 SP6 61.6.01.05, restrict the use of long values in the InternationalOrder, InternationalSeparator, or LogFileName properties to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Advantech Studio
Indusoft Thin Client
Indusoft Web Studio