Summary
This host has InduSoft products installed and is prone to a buffer overflow vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code.
Impact Level: Application.
Solution
Install the hotfix from the link below:
http://www.indusoft.com/hotfixes/hotfixes.php
Insight
The flaw is a buffer overflow in the ISSymbol ActiveX control (ISSymbol.ocx), triggered when it processes an overly long 'InternationalOrder', 'InternationalSeparator', 'bstrFileName' or 'LogFileName' property. Attackers could exploit it to execute arbitrary code by tricking a user into visiting a specially crafted web page.
Affected
InduSoft Thin Client version 7.0
InduSoft Web Studio versions before 7.0 SP1
Severity
Classification
- CVE: CVE-2011-0340
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Professional JPG Object Processing BOF Vulnerability (Windows)
- Adobe Shockwave Player 3D Model Buffer Overflow Vulnerabilities
- Adobe Reader Multimedia Doc.media.newPlayer Code Execution Vulnerability (Linux)
- Cogent DataHub Unicode Buffer Overflow Vulnerability
- ChaSen Buffer Overflow Vulnerability (Linux)