CVE-2011-2386

Visiwave Site Survey < 2.1 - Code Injection

Title source: rule

Description

VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to execute arbitrary code via a (1) vws and (2) vwr file with an invalid Type property, which triggers an untrusted pointer dereference.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/17317

View Code ZIP pw:eip

metasploit WORKING POC GREAT

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/visiwave_vwr_type.rb

View Code ZIP pw:eip

References (6)

[Vendor Advisory] http://secunia.com/advisories/44636

[Exploit] http://www.exploit-db.com/exploits/17317

[Exploit] http://www.securityfocus.com/bid/47948

[Exploit] http://www.stratsec.net/Research/Advisories/VisiWave-Site-Survey-Report-Trusted-Pointer-%28SS-20

[Vendor Advisory] http://www.visiwave.com/blog/index.php?/archives/4-Version-2.1.9-Released.html

[Third Party Advisory, VDB Entry] http://osvdb.org/72464

Scores

EPSS 0.7201

EPSS Percentile 98.8%

Details

CWE

CWE-94

Status published

Products (3)

visiwave/site_survey 1.6.12

visiwave/site_survey 2.0.12

visiwave/site_survey < 2.1

Published Jun 08, 2011

Tracked Since Feb 18, 2026