Computer Security

InduSoft Thin Client ActiveX buffer overflow
updated since 27.08.2012
SecurityVulns ID: 12530
Threat Level:
Description: ISSymbol.ocx InternationalOrder parameter heap overflow.
CVE: CVE-2011-0340 (Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.)
Original documents:
 ZDI, ZDI-12-168: InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability (02.09.2012)
 ZDI, CVE-2011-0340 (27.08.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod