CVE-2011-0340

InduSoft Web Studio < 7.0 - Remote Code Execution via ISSymbol ActiveX Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-0340. PoCs published by Metasploit, Alexander Gavrun, Dmitriy Pletnev, including Metasploit module exploits/windows/browser/indusoft_issymbol_internationalseparator.

AI-analyzed exploit summary This is a Metasploit module exploiting a heap overflow in InduSoft Web Studio's ISSymbol.ocx via the InternationalSeparator() method. It uses heap spraying and ROP chains to achieve remote code execution on vulnerable systems.

Description

Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/23500

This is a Metasploit module exploiting a heap overflow in InduSoft Web Studio's ISSymbol.ocx via the InternationalSeparator() method. It uses heap spraying and ROP chains to achieve remote code execution on vulnerable systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: InduSoft Web Studio <= 61.6.00.00 SP6
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer 6-9 on Windows XP/Vista/7
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Alexander Gavrun, Dmitriy Pletnev · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb

This Metasploit module exploits a heap overflow in InduSoft Web Studio's ISSymbol.ocx via the InternationalSeparator() method, using heap spraying and ROP chains to achieve remote code execution. It targets multiple IE versions on Windows XP, Vista, and 7.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: InduSoft Web Studio <= 61.6.00.00 SP6
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Target must have vulnerable InduSoft Web Studio installed
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (11)

Core 11
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43116
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/47596
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2011-37/
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/1116
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42928
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/1115
Various Sources x_refsource_confirm
http://www.indusoft.com/hotfixes/hotfixes.php
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2011-36/

Scores

EPSS 0.3235
EPSS Percentile 98.1%

Details

CWE
CWE-119
Status published
Products (4)
advantech/advantech_studio 6.1 sp6_61.6.01.05
indusoft/thin_client 7.0
indusoft/web_studio 6.1 (2 CPE variants)
indusoft/web_studio < 7.0
Published May 04, 2011
Tracked Since Feb 18, 2026