Sunway ForceControl WebServer 'httpsvr.exe' Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is installed with Sunway ForceControl and is prone to buffer overflow vulnerability.

Impact

Successful exploitation will allow remote attackers to cause denial of service or execute arbitrary code. Impact Level: System/Application

Solution

Vendor has released a patch to fix the issue, please refer below link for patch information. http://www.sunwayland.com.cn/news_info_.asp?Nid=3593

Insight

The flaw exists due to an error in the WebServer component (httpsvr.exe) and can be exploited to cause a heap-based buffer overflow via a specially crafted URL sent in a web request.

Affected

Sunway ForceControl 6.1 SP1, SP2, and SP3.

References

http://osvdb.org/73124
http://secunia.com/advisories/45033
http://www.exploit-db.com/exploits/17721/
http://www.us-cert.gov/control_systems/pdf/ICSA-11-167-01.pdf

Updated on 2017-03-28

Severity

Classification

CVE CVE-2011-2960
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Flash Player Buffer Overflow Vulnerability (Linux)
Adobe PageMaker Font Structure Multiple BOF Vulnerabilities
Adobe Reader '/Registry' and '/Ordering' Buffer Overflow Vulnerability (Win)
Dell Webcam 'crazytalk4.ocx' ActiveX Multiple BOF Vulnerabilities
Beatport Player '.m3u' File Buffer Overflow Vulnerability

Take action and discover your vulnerabilities