Description
Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus before 2.8 allow remote attackers to insert assembly-code lines via vectors involving a regkey (1) set or (2) get command.
References (4)
Core 4
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-15-097-01
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-15-392
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/73960
Patch x_refsource_confirm
http://www.moxa.com/support/download.aspx?d_id=2114
Scores
EPSS
0.0087
EPSS Percentile
75.4%
Details
CWE
CWE-119
Status
published
Products (1)
moxa/vport_activex_sdk_plus
< 2.7
Published
May 26, 2015
Tracked Since
Feb 18, 2026