An attacker-controlled memory allocation size can be passed to the C++ new operator in the CServerManager::HandleBrowseLoadIconStreamRequest in messaging.dll. This can be done by sending a specially crafted message to 127.0.0.1:7153. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected.
File data ot_500416.nasl
Vendor | Product | Version | CPE |
---|---|---|---|
rockwellautomation | factorytalk_linx | * | cpe:2.3:a:rockwellautomation:factorytalk_linx:*:*:*:*:*:*:*:* |