Advantech Studio Multiple Buffer Overflow Vulnerabilities Network Vulnerability

Summary

This host is installed with Advantech Studio and is prone multiple to buffer overflow vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code. Impact Level: System/Application.

Solution

Upgrade to hotfix 7.0.01.04 or higher, For updates refer to http://support.advantech.com.tw/support/DownloadSearchByProduct.aspx?keyword=Advantech+Studio

Insight

The flaw exists due to a buffer overflow error in the ISSymbol ActiveX control (ISSymbol.ocx) when processing an overly long 'InternationalOrder', 'InternationalSeparator', 'bstrFileName' or 'LogFileName' property, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

Affected

Advantech Advantech Studio 6.1 SP6 Build 61.6.0

References

http://secunia.com/advisories/42928
http://secunia.com/secunia_research/2011-37/
http://www.vupen.com/english/advisories/2011/1116

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0340
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

BS.Player '.bsl' File Buffer Overflow Vulnerabilities
Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Linux)
Buffer Overflow Vulnerability in Adobe Reader (Linux)
Adobe Flash Professional JPG Object Processing BOF Vulnerability (Mac OS X)
A-V Tronics InetServ POP3 Denial Of Service Vulnerability

Take action and discover your vulnerabilities