PT-2011-2281 · Indusoft · Indusoft Web Studio

Dmitry Pletnev · Published 2011-09-02 · Updated 2013-05-21 · CVE-2011-0342

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: InduSoft Web Studio version 7.0B2 hotfix 7.0.01.04

Description: The issue concerns multiple buffer overflows in the InduSoft ISSymbol ActiveX control. These overflows can be triggered by passing a long parameter to specific methods, allowing remote attackers to execute arbitrary code. The affected methods include the Open(), Close(), and SetCurrentLanguage() functions.

Recommendations: For InduSoft Web Studio version 7.0B2 hotfix 7.0.01.04, consider disabling the ISSymbol ActiveX control until a patch is available to prevent exploitation through the Open(), Close(), and SetCurrentLanguage() methods. Restrict access to these methods to minimize the risk of arbitrary code execution.

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2011-0342

Affected Products

Indusoft Web Studio