CVE-2012-2515

Summary

CVE	CVE-2012-2515
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2012-07-05 03:23:00 UTC
Updated	2012-07-17 04:00:00 UTC
Description	Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Emc	Captiva Quickscan Pro	4.6	sp1	All	All
Application	Emc	Captiva Quickscan Pro	4.6	sp1	All	All
Application	Emc	Documentum Applicationxtender Desktop	5.4	All	All	All
Application	Emc	Documentum Applicationxtender Desktop	5.4	All	All	All
Application	Ge	Intelligent Platforms Proficy Batch Execution	5.6	All	All	All
Application	Ge	Intelligent Platforms Proficy Batch Execution	5.6	All	All	All
Application	Ge	Intelligent Platforms Proficy Historian	3.1	All	All	All
Application	Ge	Intelligent Platforms Proficy Historian	3.5	All	All	All
Application	Ge	Intelligent Platforms Proficy Historian	4.0	All	All	All
Application	Ge	Intelligent Platforms Proficy Historian	4.5	All	All	All
Application	Ge	Intelligent Platforms Proficy Historian	3.1	All	All	All
Application	Ge	Intelligent Platforms Proficy Historian	3.5	All	All	All
Application	Ge	Intelligent Platforms Proficy Historian	4.0	All	All	All
Application	Ge	Intelligent Platforms Proficy Historian	4.5	All	All	All
Application	Ge	Intelligent Platforms Proficy Hmi/scada Ifix	5.0	All	All	All
Application	Ge	Intelligent Platforms Proficy Hmi/scada Ifix	5.1	All	All	All
Application	Ge	Intelligent Platforms Proficy Hmi/scada Ifix	5.0	All	All	All
Application	Ge	Intelligent Platforms Proficy Hmi/scada Ifix	5.1	All	All	All
Application	Ge	Intelligent Platforms Proficy Hmi/scada Ifix	5.0	All	All	All
Application	Ge	Intelligent Platforms Proficy Hmi/scada Ifix	5.1	All	All	All
Application	Ge	Intelligent Platforms Proficy Pulse	1.0	All	All	All
Application	Ge	Intelligent Platforms Proficy Pulse	1.0	All	All	All
Application	Ge	Intelligent Platforms Si7 I/o Driver	7.20	All	All	All
Application	Ge	Intelligent Platforms Si7 I/o Driver	7.42	All	All	All
Application	Ge	Intelligent Platforms Si7 I/o Driver	7.20	All	All	All
Application	Ge	Intelligent Platforms Si7 I/o Driver	7.42	All	All	All
Application	Ge	Intelligent Platforms Si7 I/o Driver	7.20	All	All	All
Application	Ge	Intelligent Platforms Si7 I/o Driver	7.42	All	All	All

References

Reference	Source	Link	Tags
Security Advisory SA36905 - KeyWorks KeyHelp ActiveX Control Buffer Overflow Vulnerability - Secunia	SECUNIA	secunia.com	Vendor Advisory
GE Digital Customer Center	CONFIRM	support.ge-ip.com	Vendor Advisory
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
404 - File Not Found \| CISA	MISC	www.us-cert.gov	US Government Resource
Error 404 :(	MISC	retrogod.altervista.org	Exploit
KeyWorks KeyHelp Module 'keyhelp.ocx' ActiveX Control Remote Buffer Overflow Vulnerability	BID	www.securityfocus.com	Exploit
Security Advisory SA36914 - EMC Captiva Products KeyHelp ActiveX Buffer Overflow - Secunia	SECUNIA	secunia.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.