CVEブラウザに戻る

CVE-2011-0340

CRITICAL

9.3

CVSS Severity Score

EPSS Score0.1560%

EPSS Percentile42.44th

Published2011年5月4日

Last Modified2026年4月29日

Vulnerability Description

Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.

Affected Platforms (CPE)

📦

Advantech

Advantech Studio

= 6.1

📦

Indusoft

Thin Client

= 7.0

📦

Indusoft

Web Studio

<= 7.0

📦

Indusoft

Web Studio

= 6.1

📦

Indusoft

Web Studio

= 6.1

References & Advisories

🔗 http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03

🔗 http://secunia.com/advisories/42928

🔗 http://secunia.com/advisories/43116

🔗 http://secunia.com/secunia_research/2011-36/

🔗 http://secunia.com/secunia_research/2011-37/

🔗 http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm

🔗 http://www.indusoft.com/hotfixes/hotfixes.php

🔗 http://www.securityfocus.com/bid/47596

関連する脆弱性情報

CVE-2011-048810.0

Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio...

CVE-2013-16277.8

Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier a...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...