WellinTech KingView 'KVWebSvr.dll' ActiveX Control Heap Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is installed with KingView and is prone to buffer overflow vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. Impact Level: System/Application

Solution

Upgrade KVWebSrv.dll file version to 65.30.2010.18019 For updates refer to http://download.kingview.com/software/kingview%20Chinese%20Version/KVWebSvr.rar ***** NOTE : Ignore this warning, if above mentioned patch is applied already. *****

Insight

The flaw exists due to error in 'KVWebSvr.dll' file, when 'ValidateUser' method in an ActiveX component called with an specially crafted argument to cause a stack-based buffer overflow.

Affected

KingView version 6.53 and 6.52

References

http://osvdb.org/show/osvdb/72889
http://www.us-cert.gov/control_systems/pdf/ICSA-11-074-01.pdf

Updated on 2017-03-28

Severity

Classification

CVE CVE-2011-3142
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Flash Player Buffer Overflow Vulnerability (Mac OS X)
Adobe Reader 'Plug-in' Buffer Overflow Vulnerability (Mac OS X)
Apple Safari 'CSS' Buffer Overflow Vulnerability (Win) - Dec09
Active Perl 'Perl_repeatcpy()' Function Buffer Overflow Vulnerability (Windows)
Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Mac OS X)

Take action and discover your vulnerabilities