CVE-2016-0858

Name of the Vulnerable Software and Affected Versions Advantech WebAccess versions prior to 8.1

Description The issue is related to a race condition that allows remote attackers to execute arbitrary code or cause a denial of service via a crafted request, potentially leading to a buffer overflow. This can be exploited through the datacore Service, specifically the datacore.exe, where a strcpy Shared Virtual Memory Overflow can occur, enabling remote code execution.

Recommendations For versions prior to 8.1, update to version 8.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the datacore Service to minimize the risk of exploitation. Avoid using the vulnerable datacore.exe until the issue is resolved.