PT-2011-4210 · Sunway · Sunway Forcecontrol

Published

2011-07-29

Updated

2011-08-01

CVE-2011-2960

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Sunway ForceControl versions 6.1 SP1, SP2, and SP3

Description The issue is a heap-based buffer overflow in the httpsvr.exe version 6.0.5.3, which can be exploited by remote attackers using a crafted URL. This can cause a denial of service, resulting in a crash, and potentially allow the execution of arbitrary code.

Recommendations For Sunway ForceControl versions 6.1 SP1, SP2, and SP3, consider restricting access to the httpsvr.exe until a patch is available. As a temporary workaround, avoid using crafted URLs that could trigger the buffer overflow in the httpsvr.exe. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2011-2960

Affected Products

Sunway Forcecontrol

PT-2011-4210 · Sunway · Sunway Forcecontrol

CVE-2011-2960

Weakness Enumeration

Related Identifiers

Affected Products

References · 8