CVE-2011-3488

Equis MetaStock < 11.0 - Use-After-Free via Malformed Chart or Template

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-3488. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary This is a writeup describing a use-after-free vulnerability in Equis MetaStock <= 11. The vulnerability is triggered by malformed MWL files, leading to potential arbitrary code execution. The document includes crash analysis and references to PoC files but does not contain executable exploit code.

Description

Use-after-free vulnerability in Equis MetaStock 11 and earlier allows remote attackers to execute arbitrary code via a malformed (1) mwc chart, (2) mws chart, (3) mwt template, or (4) mwl layout.

Exploits (1)

exploitdb WRITEUP

by Luigi Auriemma · textdoswindows

https://www.exploit-db.com/exploits/17836

View Code ZIP pw:eip

This is a writeup describing a use-after-free vulnerability in Equis MetaStock <= 11. The vulnerability is triggered by malformed MWL files, leading to potential arbitrary code execution. The document includes crash analysis and references to PoC files but does not contain executable exploit code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Equis MetaStock <= 11

No auth needed

Prerequisites: Malformed MWL file

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory x_refsource_misc

http://aluigi.altervista.org/adv/metastock_1-adv.txt

Scores

EPSS 0.0473

EPSS Percentile 90.7%

Details

CWE

CWE-399

Status published

Products (7)

equis/metastock 8.0

equis/metastock 9.0

equis/metastock 9.1

equis/metastock 9.2

equis/metastock 10.0

equis/metastock 10.1

equis/metastock < 11.0

Published Sep 16, 2011

Tracked Since Feb 18, 2026