VisiWave Site Survey Arbitrary Code Execution Vulnerability Network Vulnerability

Summary

This host is installed with VisiWave Site Survey and is prone to arbitrary code execution vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code. Impact Level: Application.

Solution

Upgrade to VisiWave Site Survey version 2.1.9 or later. For updates refer to http://www.visiwave.com/index.php/ScrInfoDownload.html

Insight

The flaw exists due to an error when processing report files and can be exploited to perform a virtual function call into an arbitrary memory location via a specially crafted 'Type' property.

Affected

VisiWave Site Survey version prior to 2.1.9

References

http://secunia.com/advisories/44636
http://www.visiwave.com/blog/index.php?/archives/4-Version-2.1.9-Released.html

Updated on 2017-03-28

Severity

Classification

CVE CVE-2011-2386
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat and Reader Multiple Vulnerabilities -Oct10 (Windows)
Active Perl Locale::Maketext Module Multiple Code Injection Vulnerabilities (Windows)
Adobe AIR Multiple Vulnerabilities -02 April 13 (Mac OS X)
Aastra IP Telephone Hardcoded Telnet Password Security Bypass Vulnerability
Adobe Acrobat Remote Code Execution Vulnerability(Win)

Take action and discover your vulnerabilities