PT-2012-4431 · Invensys · InTouch/Wonderware Application Server IT and 5 other products

Published: 2012-07-05 · Updated: 2012-08-14 · CVE-2012-3007

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Invensys Wonderware SuiteLink versions prior to 58.x
InTouch/Wonderware Application Server IT versions prior to 10.5
WAS versions prior to 3.5
DASABCIP versions prior to 4.1 SP2
DASSiDirect versions prior to 3.0
DAServer Runtime Components versions prior to 3.0 SP2

Description

The issue allows remote attackers to cause a denial of service, resulting in a daemon crash or hang, via a long Unicode string. This is due to a stack-based buffer overflow in the slssvc.exe component.

Recommendations

For Invensys Wonderware SuiteLink versions prior to 58.x, update to version 58.x or later.
For InTouch/Wonderware Application Server IT versions prior to 10.5, update to version 10.5 or later.
For WAS versions prior to 3.5, update to version 3.5 or later.
For DASABCIP versions prior to 4.1 SP2, update to version 4.1 SP2 or later.
For DASSiDirect versions prior to 3.0, update to version 3.0 or later.
For DAServer Runtime Components versions prior to 3.0 SP2, update to version 3.0 SP2 or later.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2012-3007

Affected Products

DASABCIP
DASSiDirect
DAServer Runtime Components
InTouch/Wonderware Application Server IT
Invensys Wonderware SuiteLink
WAS