CVE-2011-4535

Craig Peterson Turbopower Abbrevia < 3.05 - Memory Corruption

Title source: rule

Description

Buffer overflow in TurboPower Abbrevia before 4.0, as used in ScadaTEC ScadaPhone 5.3.11.1230 and earlier, ScadaTEC ModbusTagServer 4.1.1.81 and earlier, and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP file.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/17833

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by mr_me · phplocalwindows

https://www.exploit-db.com/exploits/17817

View Code ZIP pw:eip

metasploit WORKING POC GOOD

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/scadaphone_zip.rb

View Code ZIP pw:eip

References (2)

[Patch] http://sourceforge.net/projects/tpabbrevia/files/Abbrevia%204.0.zip/download

[US Government Resource] http://www.us-cert.gov/control_systems/pdf/ICSA-11-362-01.pdf

Scores

EPSS 0.7799

EPSS Percentile 99.0%

Details

CWE

CWE-119

Status published

Products (3)

craig_peterson/turbopower_abbrevia < 3.05

scadatec/modbustagserver < 4.1.1.81

scadatec/scadaphone < 5.3.11.1230

Published Apr 03, 2012

Tracked Since Feb 18, 2026