CVSS2: AV:N/AC:M/Au:N/C:C/I:C/A:C
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AI Score Confidence: Low
EPSS Percentile: 98.6%
Added: 11/02/2012
CVE: CVE-2011-0340
BID: 47596
OSVDB: 72865
InduSoft Thin Client allows access to InduSoft Web Studio projects without requiring Web Studio to be installed. It includes the ISSymbol ActiveX control, which is also included in InduSoft Web Studio and Advantech Studio.
A buffer overflow vulnerability allows command execution when a user loads a web page which invokes the ISSymbol ActiveX control with a long, specially crafted InternationalOrder parameter.
Apply hotfix 70.1.02.12.
http://www.zerodayinitiative.com/advisories/ZDI-12-155/
Exploit works on InduSoft Thin Client v7.0 build 70.1.0 on Windows XP SP3 and Windows 7 SP1 and requires a user to load the exploit page in Internet Explorer 8 or 9. JRE 6 must be installed on Windows 7.
Windows