InduSoft Products Multiple Buffer Overflow Vulnerabilities Network Vulnerability

Summary

This host is installed with Indusoft products and is prone to buffer overflow vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code. Impact Level: Application.

Solution

Install the hotfix from below link http://www.indusoft.com/hotfixes/hotfixes.php

Insight

The flaw exists due to a buffer overflow error in the ISSymbol ActiveX control (ISSymbol.ocx) when processing an overly long 'InternationalOrder', 'InternationalSeparator', 'bstrFileName' or 'LogFileName' property, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

Affected

InduSoft Thin Client version 7.0 InduSoft Web Studio version before 7.0 SP1

References

http://secunia.com/advisories/43116
http://www.indusoft.com/hotfixes/hotfixes.php
http://www.vupen.com/english/advisories/2011/1116

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0340
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apple iTunes 'itms:' URI Stack Buffer Overflow Vulnerability
Cyrus SASL Remote Buffer Overflow Vulnerability
Adobe Audition '.ses' Multiple Buffer Overflow Vulnerabilities (Windows)
Buffer Overflow Vulnerability in Adobe Reader (Linux)
Adobe Reader/Acrobat Multiple Vulnerabilities - Nov08 (Win)

InduSoft Products Multiple Buffer overflow Vulnerabilities

Take action and discover your vulnerabilities