Lucene search
Copyright (C) 2011 SecPodOPENVAS:902370HistoryMay 26, 2011 - 12:00 a.m.
Advantech Studio Multiple Buffer Overflow Vulnerabilities
2011-05-2600:00:00
Copyright (C) 2011 SecPod
plugins.openvas.org
17
0.799 High
EPSS
Percentile
98.0%
This host is installed with Advantech Studio and is prone multiple
to buffer overflow vulnerability.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_advantech_studio_mult_bof_vuln.nasl 7006 2017-08-25 11:51:20Z teissa $
#
# Advantech Studio Multiple Buffer Overflow Vulnerabilities
#
# Authors:
# Madhuri D <[email protected]>
#
# Copyright:
# Copyright (c) 2011 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
tag_impact = "Successful exploitation will allow remote attackers to execute
arbitrary code.
Impact Level: System/Application.";
tag_affected = "Advantech Advantech Studio 6.1 SP6 Build 61.6.0";
tag_insight = "The flaw exists due to a buffer overflow error in the ISSymbol
ActiveX control (ISSymbol.ocx) when processing an overly long 'InternationalOrder',
'InternationalSeparator', 'bstrFileName' or 'LogFileName' property, which
could be exploited by attackers to execute arbitrary code by tricking a user
into visiting a specially crafted web page.";
tag_solution = "Upgrade to hotfix 7.0.01.04 or higher,
For updates refer to http://support.advantech.com.tw/support/DownloadSearchByProduct.aspx?keyword=Advantech+Studio";
tag_summary = "This host is installed with Advantech Studio and is prone multiple
to buffer overflow vulnerability.";
if(description)
{
script_id(902370);
script_version("$Revision: 7006 $");
script_tag(name:"last_modification", value:"$Date: 2017-08-25 13:51:20 +0200 (Fri, 25 Aug 2017) $");
script_tag(name:"creation_date", value:"2011-05-26 10:47:46 +0200 (Thu, 26 May 2011)");
script_cve_id("CVE-2011-0340");
script_bugtraq_id(47596);
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_name("Advantech Studio Multiple Buffer Overflow Vulnerabilities");
script_xref(name : "URL" , value : "http://secunia.com/advisories/42928");
script_xref(name : "URL" , value : "http://secunia.com/secunia_research/2011-37/");
script_xref(name : "URL" , value : "http://www.vupen.com/english/advisories/2011/1116");
script_tag(name:"qod_type", value:"executable_version");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2011 SecPod");
script_family("Buffer overflow");
script_dependencies("secpod_reg_enum.nasl");
script_mandatory_keys("SMB/WindowsVersion");
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name : "impact" , value : tag_impact);
script_tag(name : "affected" , value : tag_affected);
exit(0);
}
include("smb_nt.inc");
include("version_func.inc");
include("secpod_smb_func.inc");
if(!get_kb_item("SMB/WindowsVersion")){
exit(0);
}
key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
if(!registry_key_exists(key:key)) {
exit(0);
}
foreach item (registry_enum_keys(key:key))
{
## Check for InduSoft Thin Client DisplayName
advName = registry_get_sz(key:key + item, item:"DisplayName");
if("Advantech Studio" >< advName)
{
## Get the installed location
advPath = registry_get_sz(key:key + item, item:"InstallLocation");
ocxPath = advPath + "\Redist\Wince 4.0\armv4t\ISSymbolCE.ocx";
share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:ocxPath);
file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:ocxPath);
ocxVer = GetVer(file:file, share:share);
if(!isnull(ocxVer))
{
if(version_is_equal(version:ocxVer, test_version:"301.1009.2904.0") ||
version_is_equal(version:ocxVer, test_version:"61.6.0.0")){
security_message(0);
}
}
}
}
Related
checkpoint_advisories
checkpoint_advisories
InduSoft Thin Client ISSymbol ActiveX Heap Buffer Overflow (CVE-2011-0340)
2012-10-14 00:00:00
prion
prion
Buffer overflow
2011-05-04 22:55:00
securityvulns
securityvulns
InduSoft Thin Client ActiveX buffer overflow
2012-09-02 00:00:00
ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability
2012-09-02 00:00:00
CVE-2011-0340
2012-08-27 00:00:00
ics
ics
InduSoft ISSymbol ActiveX Control Buffer Overflow
2013-10-28 12:00:00
Advantech Studio ISSymbol ActiveX Buffer Overflow
2018-09-06 12:00:00
openvas
openvas
Advantech Studio Multiple Buffer Overflow Vulnerabilities
2011-05-26 00:00:00
InduSoft Products Multiple Buffer overflow Vulnerabilities
2011-05-26 00:00:00
saint
saint
cvelist
cvelist
CVE-2011-0340
2011-05-04 22:00:00
attackerkb
attackerkb
InduSoft Web Studio ISSymbol.ocx InternationalSeparator() Heap Overflow
2011-05-04 00:00:00
zdi
zdi
cve
cve
CVE-2011-0340
2011-05-04 22:55:00
zdt
zdt
InduSoft Web Studio ISSymbol.ocx InternationalSeparator() Overflow
2012-12-19 00:00:00
packetstorm
packetstorm
InduSoft Web Studio ISSymbol.ocx InternationalSeparator() Heap Overflow
2012-12-19 00:00:00