Advantech Studio Multiple Buffer Overflow Vulnerabilities Network Vulnerability

Summary

This host is installed with Advantech Studio and is prone multiple to buffer overflow vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code. Impact Level: System/Application.

Solution

Upgrade to hotfix 7.0.01.04 or higher, For updates refer to http://support.advantech.com.tw/support/DownloadSearchByProduct.aspx?keyword=Advantech+Studio

Insight

The flaw exists due to a buffer overflow error in the ISSymbol ActiveX control (ISSymbol.ocx) when processing an overly long 'InternationalOrder', 'InternationalSeparator', 'bstrFileName' or 'LogFileName' property, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

Affected

Advantech Advantech Studio 6.1 SP6 Build 61.6.0

References

http://secunia.com/advisories/42928
http://secunia.com/secunia_research/2011-37/
http://www.vupen.com/english/advisories/2011/1116

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0340

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Beatport Player '.m3u' File Buffer Overflow Vulnerability
avast! Multiple Vulnerabilities - Oct09 (Win)
Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Linux)
Adobe Reader/Acrobat Multiple BOF Vulnerabilities - Jun09 (Win)
Buffer Overflow Vulnerability in Adobe Acrobat and Reader (Win)

Take action and discover your vulnerabilities