CVE-2011-2962

Invensys Wonderware Information Server 3.1, 4.0, and 4.0 SP1 - Stack-Based Buffer Overflow via ActiveX Controls

Title source: llm
STIX 2.1

Description

Multiple stack-based buffer overflows in Invensys Wonderware Information Server 3.1, 4.0, and 4.0 SP1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via two unspecified ActiveX controls.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/48976
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/68988
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45476
US Government Resource x_refsource_misc
http://www.us-cert.gov/control_systems/pdf/ICSA-11-195-01.pdf

Scores

EPSS 0.0456
EPSS Percentile 90.5%

Details

CWE
CWE-119
Status published
Products (2)
invensys/wonderware_information_server 3.1
invensys/wonderware_information_server 4.0 (2 CPE variants)
Published Jul 29, 2011
Tracked Since Feb 18, 2026