Lucene search

[email protected]CVE-2011-3142

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2011-3142

2022-10-0316:15:07

CWE-119

[email protected]

web.nvd.nist.gov

cve

buffer overflow

wellintech kingview

activex control

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.3 High

AI Score

Confidence

Low

0.125 Low

EPSS

Percentile

95.5%

JSON

Stack-based buffer overflow in an ActiveX control in KVWebSvr.dll in WellinTech KingView 6.52 and 6.53 allows remote attackers to execute arbitrary code via a long second argument to the ValidateUser method.

Affected configurations

NVD

Node

wellintechkingviewMatch6.52

wellintechkingviewMatch6.53

CPENameOperatorVersion
wellintech:kingviewwellintech kingvieweq6.52
wellintech:kingviewwellintech kingvieweq6.53

CPE	Name	Operator	Version
wellintech:kingview	wellintech kingview	eq	6.52
wellintech:kingview	wellintech kingview	eq	6.53

References

www.cnvd.org.cn/vulnerability/CNVD-2011-04541

www.exploit-db.com/exploits/16936

www.kingview.com/news/detail.aspx?contentid=537

www.osvdb.org/72889

www.scadahacker.com/exploits-wellintech-kvwebsvr.html

www.securityfocus.com/bid/46757

www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-066-01.pdf

www.us-cert.gov/control_systems/pdf/ICSA-11-074-01.pdf

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.3 High

AI Score

Confidence

Low

0.125 Low

EPSS

Percentile

95.5%

JSON

Related for CVE-2011-3142

prion1 nvd1 cvelist1 openvas2 checkpoint_advisories1