CVE-2011-2962

Name of the Vulnerable Software and Affected Versions Invensys Wonderware Information Server versions 3.1 through 4.0 SP1

Description The issue is related to multiple stack-based buffer overflows that can be triggered by remote attackers, potentially leading to a denial of service (crash) and possibly the execution of arbitrary code. This is achieved via two unspecified ActiveX controls.

Recommendations For Invensys Wonderware Information Server versions 3.1 through 4.0 SP1, consider disabling the unspecified ActiveX controls as a temporary workaround until a patch is available. Restrict access to these controls to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.