CVE-2011-4034

Steema TeeChart ActiveX < - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4034. Includes Metasploit module exploits/windows/browser/teechart_pro.

AI-analyzed exploit summary This Metasploit module exploits an integer overflow in TeeChart Pro ActiveX control (CVE-2011-4034) by sending a large/negative integer to the AddSeries() property, leading to arbitrary code execution. It includes DEP/ASLR bypass techniques for IE8 with Java support.

Description

Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.

Exploits (1)

metasploit WORKING POC NORMAL

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/teechart_pro.rb

View Code ZIP pw:eip

This Metasploit module exploits an integer overflow in TeeChart Pro ActiveX control (CVE-2011-4034) by sending a large/negative integer to the AddSeries() property, leading to arbitrary code execution. It includes DEP/ASLR bypass techniques for IE8 with Java support.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: TeeChart Professional ActiveX Control (TeeChart2010.ocx and earlier versions)

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit · TeeChart ActiveX control must be installed and vulnerable

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Core References

Patch, Vendor Advisory x_refsource_confirm

http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page

Patch, US Government Resource x_refsource_misc

http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf

Patch, Vendor Advisory x_refsource_confirm

http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695

Scores

EPSS 0.1394

EPSS Percentile 96.1%

Details

CWE

CWE-119

Status published

Products (8)

schneider-electric/citecthistorian 4.20

schneider-electric/citecthistorian < 4.30

schneider-electric/citectscada_reports 4.0

schneider-electric/citectscada_reports < 4.10

schneider-electric/vijeo_historian 4.0

schneider-electric/vijeo_historian 4.10

schneider-electric/vijeo_historian 4.20

schneider-electric/vijeo_historian < 4.30

Published Dec 02, 2011

Tracked Since Feb 18, 2026