Indusoft Thin Client ISSymbol ActiveX Control InternationalSeparator buffer overflow

2012-11-1300:00:00

SAINT Corporation

download.saintcorporation.com

0.841 High

EPSS

Percentile

98.5%

JSON

Added: 11/13/2012
CVE: CVE-2011-0340
BID: 47596
OSVDB: 72865

Background

Indusoft Thin Client allows access to Indusoft Web Studio projects without requiring Web Studio to be installed. It includes the ISSymbol ActiveX control, which is also included in Indusoft Web Studio and Advantech Studio.

Problem

A buffer overflow vulnerability allows command execution when a user loads a web page which invokes the ISSymbol ActiveX control with a long, specially crafted InternationalSeparator parameter.

Resolution

Apply hotfix 70.1.02.12.

References

<http://www.zerodayinitiative.com/advisories/ZDI-12-168/>

Limitations

Exploit works on InduSoft Thin Client v7.0 build 70.1.0 on Windows XP SP3 and Windows 7 SP1 and requires a user to load the exploit page in Internet Explorer 8 or 9. JRE 6 must be installed on Windows 7.