CyberSec.Space Logo
Back to CVE Browser

CVE-2011-3142

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1370%
EPSS Percentile14.95th
PublishedAug 16, 2011
Last ModifiedApr 29, 2026

Vulnerability Description

Stack-based buffer overflow in an ActiveX control in KVWebSvr.dll in WellinTech KingView 6.52 and 6.53 allows remote attackers to execute arbitrary code via a long second argument to the ValidateUser method.

Affected Platforms (CPE)

πŸ“¦
Wellintech

Kingview

= 6.52
πŸ“¦
Wellintech

Kingview

= 6.53

References & Advisories

πŸ”— http://www.cnvd.org.cn/vulnerability/CNVD-2011-04541
πŸ”— http://www.exploit-db.com/exploits/16936
πŸ”— http://www.kingview.com/news/detail.aspx?contentid=537
πŸ”— http://www.osvdb.org/72889
πŸ”— http://www.scadahacker.com/exploits-wellintech-kvwebsvr.html
πŸ”— http://www.securityfocus.com/bid/46757
πŸ”— http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-066-01.pdf
πŸ”— http://www.us-cert.gov/control_systems/pdf/ICSA-11-074-01.pdf

Related Vulnerabilities

CVE-2012-183010.0

Stack-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to ...

CVE-2011-453610.0

Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe (aka HistoryServer.exe) in WellinTech KingView 6.53 and 65.30.2010...

CVE-2011-040610.0

Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a l...

CVE-2012-183110.0

Heap-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to T...