ARC PcVue ActiveX Control SCADA Remote Code Execution (CVE-2011-4042; CVE-2011-4043 ; CVE-2011-4044; CVE-2011-4045)

A buffer overflow vulnerability has been reported in SCADA ARC PcVue...

CVE-2011-4043

CVE-2011-4043 is a buffer overflow in ARC Informatique PcVue’s SVUIGrd.ocx ActiveX control. A crafted large integer input can trigger memory corruption and remote code execution. Affected products include PcVue 6.0–10.0, FrontVue, and PlantVue. Red Hat and ICS-CERT sources corroborate the vulnera...

KLA10292 Multiple vulnerabilities in PcVue

Multiple critical vulnerabilities have been found in PcVue. Malicious users can exploit these vulnerabilities to execute arbitrary code, modify local files or cause denial of service. Below is a complete list of vulnerabilities 1. Unspecified vectors can be exploited remotely; 2. A buffer overflo...

Arc Informatique产品多个ActiveX控件漏洞

CVE ID: CVE-2011-4042,CVE-2011-4043,CVE-2011-4044,CVE-2011-4045 ARC Informatique是开发人机接口、监控和数据捕获HMI/SCADA软件的法国公司。 多个Arc Informatique产品在实现上存在多个安全漏洞，可被恶意用户利用操作某些数据并控制用户系统。 1）处理"SaveObject"和"LoadObject"方法SVUIGrd.ocx时存在的错误可被利用通过特制的"aStream"参数执行虚拟函数调用任意内存位置； 2）"GetExtendedColor"方法SVUIGrd.ocx中的错误可被利用破坏内...