CyberSec.Space Logo
CVEブラウザに戻る

CVE-2011-3142

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1370%
EPSS Percentile14.95th
Published2011年8月16日
Last Modified2026年4月29日

Vulnerability Description

Stack-based buffer overflow in an ActiveX control in KVWebSvr.dll in WellinTech KingView 6.52 and 6.53 allows remote attackers to execute arbitrary code via a long second argument to the ValidateUser method.

Affected Platforms (CPE)

📦
Wellintech

Kingview

= 6.52
📦
Wellintech

Kingview

= 6.53

References & Advisories

🔗 http://www.cnvd.org.cn/vulnerability/CNVD-2011-04541
🔗 http://www.exploit-db.com/exploits/16936
🔗 http://www.kingview.com/news/detail.aspx?contentid=537
🔗 http://www.osvdb.org/72889
🔗 http://www.scadahacker.com/exploits-wellintech-kvwebsvr.html
🔗 http://www.securityfocus.com/bid/46757
🔗 http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-066-01.pdf
🔗 http://www.us-cert.gov/control_systems/pdf/ICSA-11-074-01.pdf

関連する脆弱性情報

CVE-2012-183010.0

Stack-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to ...

CVE-2011-453610.0

Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe (aka HistoryServer.exe) in WellinTech KingView 6.53 and 65.30.2010...

CVE-2011-040610.0

Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a l...

CVE-2012-183110.0

Heap-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to T...