CVE-2011-0340
Summary
| CVE | CVE-2011-0340 |
|---|---|
| State | PUBLISHED |
| Assigner | flexera |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2011-05-04 22:55:01 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:M/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Advantech | Advantech Studio | 6.1 | sp6_61.6.01.05 | All | All |
| Application | Indusoft | Thin Client | 7.0 | All | All | All |
| Application | Indusoft | Web Studio | 6.1 | All | All | All |
| Application | Indusoft | Web Studio | 6.1 | sp6 | All | All |
| Application | Indusoft | Web Studio | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Vendor Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Vendor Advisory |
| Advantech Studio ISSymbol ActiveX Control Multiple Buffer Overflow Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Advantech ISSymbol ActiveX Control Multiple Buffer Overflow Vulnerabilities - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| 404 - File Not Found | CISA | af854a3a-2127-422b-91ae-364da2661108 | www.us-cert.gov | |
| InduSoft ISSymbol ActiveX Control Buffer Overflow | ICS-CERT | af854a3a-2127-422b-91ae-364da2661108 | ics-cert.us-cert.gov | |
| Secunia - The Leading Provider of Vulnerability Management and Vulnerability Intelligence Solutions | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Advantech Studio Test Web Server Buffer Overflow Notice | af854a3a-2127-422b-91ae-364da2661108 | www.advantechdirect.com | |
| Secunia - The Leading Provider of Vulnerability Management and Vulnerability Intelligence Solutions | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| InduSoft Web Studio - Hotfix Request | af854a3a-2127-422b-91ae-364da2661108 | www.indusoft.com | |
| InduSoft ISSymbol ActiveX Control Multiple Buffer Overflow Vulnerabilities - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 590851 Advantech Studio ISSymbol ActiveX Buffer Overflow Multiple Vulnerabilities (ICSA-12-137-02)