Indusoft Thin Client ISSymbol ActiveX Control InternationalOrder buffer overflow

2012-11-02T00:00:00
ID SAINT:51DFA41C28911D5FF30DC1668DB32E38
Type saint
Reporter SAINT Corporation
Modified 2012-11-02T00:00:00

Description

Added: 11/02/2012
CVE: CVE-2011-0340
BID: 47596
OSVDB: 72865

Background

Indusoft Thin Client allows access to Indusoft Web Studio projects without requiring Web Studio to be installed. It includes the ISSymbol ActiveX control, which is also included in Indusoft Web Studio and Advantech Studio.

Problem

A buffer overflow vulnerability allows command execution when a user loads a web page which invokes the ISSymbol ActiveX control with a long, specially crafted InternationalOrder parameter.

Resolution

Apply hotfix 70.1.02.12.

References

<http://www.zerodayinitiative.com/advisories/ZDI-12-155/>

Limitations

Exploit works on InduSoft Thin Client v7.0 build 70.1.0 on Windows XP SP3 and Windows 7 SP1 and requires a user to load the exploit page in Internet Explorer 8 or 9. JRE 6 must be installed on Windows 7.

Platforms

Windows