Lucene search

K
saintSAINT CorporationSAINT:51DFA41C28911D5FF30DC1668DB32E38
HistoryNov 02, 2012 - 12:00 a.m.

Indusoft Thin Client ISSymbol ActiveX Control InternationalOrder buffer overflow

2012-11-0200:00:00
SAINT Corporation
my.saintcorporation.com
415
indusoft thin client
issymbol activex control
buffer overflow
cve-2011-0340
hotfix 70.1.02.12
windows
command execution
vulnerability
internationalorder parameter
internet explorer 8
internet explorer 9
jre 6

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

0.854

Percentile

98.6%

Added: 11/02/2012
CVE: CVE-2011-0340
BID: 47596
OSVDB: 72865

Background

Indusoft Thin Client allows access to Indusoft Web Studio projects without requiring Web Studio to be installed. It includes the ISSymbol ActiveX control, which is also included in Indusoft Web Studio and Advantech Studio.

Problem

A buffer overflow vulnerability allows command execution when a user loads a web page which invokes the ISSymbol ActiveX control with a long, specially crafted InternationalOrder parameter.

Resolution

Apply hotfix 70.1.02.12.

References

http://www.zerodayinitiative.com/advisories/ZDI-12-155/

Limitations

Exploit works on InduSoft Thin Client v7.0 build 70.1.0 on Windows XP SP3 and Windows 7 SP1 and requires a user to load the exploit page in Internet Explorer 8 or 9. JRE 6 must be installed on Windows 7.

Platforms

Windows

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

0.854

Percentile

98.6%