CVE-2011-4519

MICROSYS PROMOTIC < 8.1.5 - Denial of Service via ActiveX Component

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4519.

AI-analyzed exploit summary The writeup describes a remote code execution vulnerability in Microsys PROMOTIC SCADA software due to an uninitialized pointer in the GetPromoticSite method of the PmTable.ocx ActiveX control. The vulnerability is exploitable remotely but may require user interaction.

Description

Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.

Exploits (1)

exploitdb WRITEUP

doswindows

https://www.exploit-db.com/exploits/18049

View Code ZIP pw:eip

The writeup describes a remote code execution vulnerability in Microsys PROMOTIC SCADA software due to an uninitialized pointer in the GetPromoticSite method of the PmTable.ocx ActiveX control. The vulnerability is exploitable remotely but may require user interaction.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Microsys PROMOTIC 8.1.4

No auth needed

Prerequisites: User interaction to execute ActiveX control

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Various Sources x_refsource_confirm

http://www.promotic.eu/en/pmdoc/News.htm#ver80105

US Government Resource x_refsource_misc

http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02

Scores

EPSS 0.0234

EPSS Percentile 81.4%

Details

CWE

CWE-119

Status published

Products (19)

microsys/promotic 8.0.0

microsys/promotic 8.0.1

microsys/promotic 8.0.2

microsys/promotic 8.0.3

microsys/promotic 8.0.4

microsys/promotic 8.0.5

microsys/promotic 8.0.6

microsys/promotic 8.0.7

microsys/promotic 8.0.8

microsys/promotic 8.0.9

... and 9 more

Published May 23, 2013

Tracked Since Feb 18, 2026