Lucene search
Andrea Micalizzi (rgod)ZDI-15-576HistoryDec 02, 2015 - 12:00 a.m.
Unitronics UniDownloader and Unitronics VisiLogic OPLC IDE IPWorksSSL.HTTPS.1 ActiveX Control PostDataB/FirewallDataB Properties Remote Code Execution Vulnerability
2015-12-0200:00:00
Andrea Micalizzi (rgod)
www.zerodayinitiative.com
24
EPSS
0.326
Percentile
97.1%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Unitronics UniDownloader and Unitronics VisiLogic OPLC IDE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing of the PostDataB and FirewallDataB properties of the IPWorksSSL.HTTPS.1 ActiveX control. Both properties take a value from the script and treat it as the address of a SafeArray and then process information from the SafeArray structure. An attacker can leverage this type confusion to execute arbitrary code under the context of the process.
Related
nvd
nvd
CVE-2015-7905
2015-11-13 03:59:04
cvelist
cvelist
CVE-2015-7905
2015-11-13 02:00:00
cve
cve
CVE-2015-7905
2015-11-13 03:59:04
zdi
zdi
checkpoint_advisories
checkpoint_advisories
prion
prion
Code injection
2015-11-13 03:59:00
ics
ics
Unitronics VisiLogic OPLC IDE Vulnerabilities (Update A)
2018-08-23 12:00:00