CVE-2011-4870
Invensys Wonderware InBatch 8.1 SP1-9.5 - Remote Code Execution via ActiveX Control Buffer Overflow
Title source: llmDescription
Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and (3) BatchSecCtrl ActiveX controls in Invensys Wonderware InBatch 9.0 and 9.0 SP1, and InBatch 8.1 SP1, 9.0 SP2, and 9.5 Server and Runtime Clients, allow remote attackers to execute arbitrary code via a long string in a property value, a different issue than CVE-2011-3141.
References (2)
Core 2
Core References
US Government Resource x_refsource_misc
http://www.us-cert.gov/control_systems/pdf/ICSA-11-332-01A.pdf
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/51129
Scores
EPSS
0.0249
EPSS Percentile
82.8%
Details
CWE
CWE-119
Status
published
Products (3)
invensys/wonderware_inbatch
8.1 sp1
invensys/wonderware_inbatch
9.0 (3 CPE variants)
invensys/wonderware_inbatch
9.5
Published
Jan 08, 2012
Tracked Since
Feb 18, 2026