CVE-2011-0340

2011-05-0422:55:00

CWE-119

[email protected]

web.nvd.nist.gov

123

cve

buffer overflow

issymbol

activex

control

security vulnerability

remote code execution

indusoft

advantech studio

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.841 High

EPSS

Percentile

98.5%

JSON

Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.

CPENameOperatorVersion
indusoft:web_studioindusoft web studioeq6.1
indusoft:thin_clientindusoft thin clienteq7.0
advantech:advantech_studioadvantech advantech studioeq6.1
indusoft:web_studioindusoft web studiole7.0

CPE	Name	Operator	Version
indusoft:web_studio	indusoft web studio	eq	6.1
indusoft:thin_client	indusoft thin client	eq	7.0
advantech:advantech_studio	advantech advantech studio	eq	6.1
indusoft:web_studio	indusoft web studio	le	7.0