Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:53655208A3B43641249BD22787E168B0
HistoryNov 13, 2012 - 12:00 a.m.

Indusoft Thin Client ISSymbol ActiveX Control InternationalSeparator buffer overflow

2012-11-1300:00:00
SAINT Corporation
download.saintcorporation.com
20

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.799 High

EPSS

Percentile

98.0%

JSON

Added: 11/13/2012
CVE: CVE-2011-0340
BID: 47596
OSVDB: 72865

Background

Indusoft Thin Client allows access to Indusoft Web Studio projects without requiring Web Studio to be installed. It includes the ISSymbol ActiveX control, which is also included in Indusoft Web Studio and Advantech Studio.

Problem

A buffer overflow vulnerability allows command execution when a user loads a web page which invokes the ISSymbol ActiveX control with a long, specially crafted InternationalSeparator parameter.

Resolution

Apply hotfix 70.1.02.12.

References

<http://www.zerodayinitiative.com/advisories/ZDI-12-168/&gt;

Limitations

Exploit works on InduSoft Thin Client v7.0 build 70.1.0 on Windows XP SP3 and Windows 7 SP1 and requires a user to load the exploit page in Internet Explorer 8 or 9. JRE 6 must be installed on Windows 7.

Platforms

Windows

Related

checkpoint_advisories 1
prion 1
securityvulns 3
ics 2
openvas 3
saint 7
cvelist 1
zdt 1
zdi 2
packetstorm 1
attackerkb 1
cve 1
checkpoint_advisories
checkpoint_advisories
InduSoft Thin Client ISSymbol ActiveX Heap Buffer Overflow (CVE-2011-0340)
2012-10-14 00:00:00
prion
prion
Buffer overflow
2011-05-04 22:55:00
securityvulns
securityvulns
InduSoft Thin Client ActiveX buffer overflow
2012-09-02 00:00:00
ZDI-12-168 : InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability
2012-09-02 00:00:00
CVE-2011-0340
2012-08-27 00:00:00
ics
ics
InduSoft ISSymbol ActiveX Control Buffer Overflow
2013-10-28 12:00:00
Advantech Studio ISSymbol ActiveX Buffer Overflow
2018-09-06 12:00:00
openvas
openvas
Advantech Studio Multiple Buffer Overflow Vulnerabilities
2011-05-26 00:00:00
Advantech Studio Multiple Buffer Overflow Vulnerabilities
2011-05-26 00:00:00
InduSoft Products Multiple Buffer overflow Vulnerabilities
2011-05-26 00:00:00
saint
saint
Indusoft Thin Client ISSymbol ActiveX Control InternationalSeparator buffer overflow
2012-11-13 00:00:00
Indusoft Thin Client ISSymbol ActiveX Control InternationalSeparator buffer overflow
2012-11-13 00:00:00
Indusoft Thin Client ISSymbol ActiveX Control InternationalSeparator buffer overflow
2012-11-13 00:00:00
cvelist
cvelist
CVE-2011-0340
2011-05-04 22:00:00
zdt
zdt
InduSoft Web Studio ISSymbol.ocx InternationalSeparator() Overflow
2012-12-19 00:00:00
zdi
zdi
InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability
2012-08-29 00:00:00
InduSoft Thin Client ISSymbol InternationalOrder Remote Code Execution Vulnerability
2012-08-22 00:00:00
packetstorm
packetstorm
InduSoft Web Studio ISSymbol.ocx InternationalSeparator() Heap Overflow
2012-12-19 00:00:00
attackerkb
attackerkb
InduSoft Web Studio ISSymbol.ocx InternationalSeparator() Heap Overflow
2011-05-04 00:00:00
cve
cve
CVE-2011-0340
2011-05-04 22:55:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.799 High

EPSS

Percentile

98.0%

JSON
Related for SAINT:53655208A3B43641249BD22787E168B0
checkpoint_advisories1prion1securityvulns3ics2openvas3saint7cvelist1zdt1zdi2packetstorm1attackerkb1cve1