Advantech Studio ISSymbol ActiveX Control Multiple Buffer Overflow Vulnerabilities

high Nessus Plugin ID 60084

Synopsis

The remote Windows host has an ActiveX control that is affected by multiple buffer overflow vulnerabilities.

Description

The remote Windows host is running a version of Advantech's ISSymbol (ISSymbol.ocx) ActiveX control that is affected by multiple buffer overflow vulnerabilities. These vulnerabilities can be exploited to execute arbitrary code via long values for the 'InternationalOrder', 'InternationalSeparator', or 'LogFileName' properties; or by a long 'bstrFileName' argument on the 'OpenScreen()' method.

Solution

Follow the vendor's advisory to apply a hotfix.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-12-155/

https://www.zerodayinitiative.com/advisories/ZDI-12-168/

https://seclists.org/fulldisclosure/2012/Aug/276

https://seclists.org/fulldisclosure/2012/Aug/344

http://www.nessus.org/u?ef59308d

http://www.indusoft.com/Products-Downloads/Security-Hotfix-Updates

Plugin Details

Severity: High

ID: 60084

File Name: scada_advantech_studio_issymbol_activex_bof.nbin

Version: 1.237

Type: local

Agent: windows

Family: SCADA

Published: 7/20/2012

Updated: 11/22/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2011-0340

Vulnerability Information

CPE: cpe:/a:advantech:advantech_studio

Required KB Items: SCADA/Apps/Advantech/Studio/Installed, SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/30/2011

Vulnerability Publication Date: 9/1/2011

Exploitable With

Core Impact

Metasploit (InduSoft Web Studio ISSymbol.ocx InternationalSeparator() Heap Overflow)

ExploitHub (EH-13-398)

Reference Information

CVE: CVE-2011-0340

BID: 47596

ICS-ALERT: 11-131-01

ICSA: 11-168-01, 11-168-01A, 12-137-02, 12-249-03