CVE-2011-0340

Advantech Studio < 7.0 - Memory Corruption

Title source: rule

Description

Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/23500

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Alexander Gavrun, Dmitriy Pletnev · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb

View Code ZIP pw:eip

References (11)

[Various Sources] http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03

[Vendor Advisory] http://secunia.com/advisories/42928

[Vendor Advisory] http://secunia.com/advisories/43116

[Vendor Advisory] http://secunia.com/secunia_research/2011-36/

[Vendor Advisory] http://secunia.com/secunia_research/2011-37/

[Various Sources] http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm

[Various Sources] http://www.indusoft.com/hotfixes/hotfixes.php

[Various Sources] http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-02.pdf

[Vendor Advisory] http://www.vupen.com/english/advisories/2011/1115

[Vendor Advisory] http://www.vupen.com/english/advisories/2011/1116

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/47596

Scores

EPSS 0.4486

EPSS Percentile 97.5%

Classification

CWE

CWE-119

Status draft

Affected Products (5)

advantech/advantech_studio

indusoft/thin_client

indusoft/web_studio < 7.0

indusoft/web_studio

indusoft/web_studio

Timeline

Published May 04, 2011

Tracked Since Feb 18, 2026