CVE-2011-0340

Advantech Studio < 7.0 - Memory Corruption

Title source: rule

Description

Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/23500

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Alexander Gavrun, Dmitriy Pletnev · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb

View Code ZIP pw:eip

References (11)

[Vendor Advisory] http://secunia.com/advisories/43116

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/47596

[Vendor Advisory] http://secunia.com/secunia_research/2011-37/

[Vendor Advisory] http://www.vupen.com/english/advisories/2011/1116

[Various Sources] http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03

[Vendor Advisory] http://secunia.com/advisories/42928

[Various Sources] http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-02.pdf

[Vendor Advisory] http://www.vupen.com/english/advisories/2011/1115

[Various Sources] http://www.indusoft.com/hotfixes/hotfixes.php

[Vendor Advisory] http://secunia.com/secunia_research/2011-36/

[Various Sources] http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm

Scores

EPSS 0.4486

EPSS Percentile 97.6%

Details

CWE

CWE-119

Status published

Products (4)

advantech/advantech_studio 6.1 sp6_61.6.01.05

indusoft/thin_client 7.0

indusoft/web_studio 6.1 (2 CPE variants)

indusoft/web_studio < 7.0

Published May 04, 2011

Tracked Since Feb 18, 2026