PT-2011-2274 · Honeywell · Honeywell Scanserver

Published

2011-03-22

Updated

2011-04-09

CVE-2011-0331

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Honeywell ScanServer version 780.0.20.5

Description The issue is related to a use-after-free vulnerability in the addOSPLext method of the Honeywell ScanServer ActiveX control. This vulnerability allows remote attackers to execute arbitrary code via a crafted HTML document.

Recommendations For version 780.0.20.5, consider disabling the addOSPLext method as a temporary workaround until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2011-0331

Affected Products

Honeywell Scanserver

PT-2011-2274 · Honeywell · Honeywell Scanserver

CVE-2011-0331

Weakness Enumeration

Related Identifiers

Affected Products

References · 6