WellinTech KingView KingMess.exe Log File Parsing Overflow

2013-03-22T00:00:00
ID SAINT:C7526474CF962810DFE81D4ED7884600
Type saint
Reporter SAINT Corporation
Modified 2013-03-22T00:00:00

Description

Added: 03/22/2013
CVE: CVE-2012-4711
BID: 57909
OSVDB: 89690

Background

WellinTech is a China-based company which produces KingView, a Web-based SCADA application for Windows-based control, monitoring, and data collection that is used internationally.

Problem

WellinTech KingView **KingMess.exe** is vulnerable to buffer overflow as a result of not properly sanitizing user-supplied input when parsing log files. By enticing a user to open a specially crafted file, an attacker could execute arbitrary code in the context of the user running the vulnerable application.

Resolution

Apply the appropriate vendor-supplied patch for the vulnerable version of KingView installed (6.52, 6.53 or 6.55).

References

<http://ics-cert.us-cert.gov/pdf/ICSA-13-043-02.pdf>
<http://secunia.com/advisories/52190/>

Limitations

This exploit was tested against WellinTech KingView 6.53 on Windows XP SP3 English and Windows 7 SP1, both with DEP OptIn.

The user must save the **KVL** file and open it with WellinTech KingView to trigger the vulnerability.

Platforms

Windows