VisiWave Site Survey Arbitrary Code Execution Vulnerability Network Vulnerability

Summary

This host is installed with VisiWave Site Survey and is prone to arbitrary code execution vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code. Impact Level: Application.

Solution

Upgrade to VisiWave Site Survey version 2.1.9 or later. For updates refer to http://www.visiwave.com/index.php/ScrInfoDownload.html

Insight

The flaw exists due to an error when processing report files and can be exploited to perform a virtual function call into an arbitrary memory location via a specially crafted 'Type' property.

Affected

VisiWave Site Survey version prior to 2.1.9

References

http://secunia.com/advisories/44636
http://www.visiwave.com/blog/index.php?/archives/4-Version-2.1.9-Released.html

Updated on 2017-03-28

Severity

Classification

CVE CVE-2011-2386

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Flash Media Server multiple vulnerabilities
Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Mac OS X)
Adobe Flash Player Code Execution and DoS Vulnerabilities (Linux)
Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)
Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)

Take action and discover your vulnerabilities