CyberSec.Space Logo
CVEブラウザに戻る

CVE-2011-0342

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1200%
EPSS Percentile10.87th
Published2011年9月2日
Last Modified2026年4月29日

Vulnerability Description

Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ISSymbol.ocx 301.1104.601.0 in InduSoft Web Studio 7.0B2 hotfix 7.0.01.04 allow remote attackers to execute arbitrary code via a long parameter to the (1) Open, (2) Close, or (3) SetCurrentLanguage method.

Affected Platforms (CPE)

📦
Indusoft

Web Studio

= 7.0b2

References & Advisories

🔗 http://ics-cert.us-cert.gov/advisories/ICSA-11-273-02
🔗 http://secunia.com/advisories/44875
🔗 http://secunia.com/secunia_research/2011-61/
🔗 http://www.indusoft.com/hotfixes/hotfixes.php
🔗 http://www.securityfocus.com/bid/49403
🔗 http://ics-cert.us-cert.gov/advisories/ICSA-11-273-02
🔗 http://secunia.com/advisories/44875
🔗 http://secunia.com/secunia_research/2011-61/

関連する脆弱性情報

CVE-2011-405110.0

CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authenticati...

CVE-2011-190010.0

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to ...

CVE-2011-048810.0

Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio...

CVE-2012-123910.0

The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x thr...