Summary
This host has Advantech Studio installed and is prone to multiple buffer overflow vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code.
Impact Level: System/Application.
Solution
Upgrade to hotfix 7.0.01.04 or higher.
For updates refer to http://support.advantech.com.tw/support/DownloadSearchByProduct.aspx?keyword=Advantech+Studio
Insight
The flaw exists due to a buffer overflow error in the ISSymbol ActiveX control (ISSymbol.ocx) when processing an overly long 'InternationalOrder', 'InternationalSeparator', 'bstrFileName' or 'LogFileName' property. Attackers could exploit it to execute arbitrary code by tricking a user into visiting a specially crafted web page.
Affected
Advantech Advantech Studio 6.1 SP6 Build 61.6.0
Severity
Classification
- CVE: CVE-2011-0340
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C