PT-2013-1315 · Citect+1 · Citectscada+2

Dr_Ide · Published 2013-04-19 · Updated 2019-03-25 · CVE-2013-3075

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Mitsubishi MX Component 3 version 1.0.0.1
Citect CitectFacilities version 7.10
CitectScada version 7.10r1

Description

Multiple buffer overflows in the ActUWzd.dll library allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitle property value passed to a certain ActiveX control.

Recommendations

For Mitsubishi MX Component 3 version 1.0.0.1, consider disabling the use of the ActUWzd.dll library until a patch is available.
For Citect CitectFacilities version 7.10, restrict access to the affected ActiveX control to minimize the risk of exploitation.
For CitectScada version 7.10r1, avoid using long string values for the WzTitle property in the affected ActiveX control until the issue is resolved.
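
One way to act on the first two recommendations on a Windows host, as an added example that is not part of the original advisory: the script finds every COM class whose in-process server is ActUWzd.dll and sets the ActiveX kill bit for it, which stops Internet Explorer and other hosts that honor the kill bit from instantiating the control. The advisory does not list the control's CLSID, so the script discovers it from the registry; the parameter name and output fields are this example's own.

```powershell
# Added example (not from the advisory): set the ActiveX kill bit for every
# COM class served by ActUWzd.dll. Run elevated; add -WhatIf to preview only.
[CmdletBinding(SupportsShouldProcess)]
param([string]$DllName = 'ActUWzd.dll')   # library named in the advisory

$KillBit = 0x400   # COMPAT_EVIL_DONT_LOAD bit of "Compatibility Flags"

# Cover the native registry view and the 32-bit (WOW64) view on 64-bit Windows.
$views = @(
    @{ Classes = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Classes = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
       Compat  = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

foreach ($view in $views) {
    if (-not (Test-Path $view.Classes)) { continue }

    foreach ($clsidKey in Get-ChildItem -Path $view.Classes -ErrorAction SilentlyContinue) {
        # The default value of InprocServer32 is the path of the DLL that implements the class.
        $inproc = $clsidKey.OpenSubKey('InprocServer32')
        if ($null -eq $inproc) { continue }
        $server = [string]$inproc.GetValue('')
        $inproc.Close()

        # Match on the file name only; the install directory differs per product.
        if ($server.Trim('"') -notlike "*\$DllName") { continue }

        $clsid  = $clsidKey.PSChildName
        $target = Join-Path $view.Compat $clsid

        if ($PSCmdlet.ShouldProcess($target, "Set kill bit for $server")) {
            if (-not (Test-Path -LiteralPath $target)) {
                New-Item -Path $target -Force | Out-Null
            }
            # Preserve any flags already present and OR in the kill bit.
            $current = (Get-ItemProperty -LiteralPath $target).'Compatibility Flags'
            Set-ItemProperty -Path $target -Name 'Compatibility Flags' `
                -Value ([int]$current -bor $KillBit) -Type DWord
        }

        # Report each match so the change can be recorded and later reverted.
        [pscustomobject]@{ Clsid = $clsid; Server = $server; KillBitKey = $target }
    }
}
```

The kill bit does not affect applications that load the DLL directly, so the vendor products keep working but also remain exposed through any non-browser path that reaches the control.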

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2019-03750
CVE-2013-3075

Affected Products

CitectFacilities
CitectScada
Mitsubishi MX Component 3