{"api_version":"1","generated_at":"2026-07-01T09:19:49+00:00","cve":"CVE-2011-0340","urls":{"html":"https://cve.report/CVE-2011-0340","api":"https://cve.report/api/cve/CVE-2011-0340.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2011-0340","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2011-0340"},"summary":{"title":"CVE-2011-0340","description":"Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.","state":"PUBLISHED","assigner":"flexera","published_at":"2011-05-04 22:55:01","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-119","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"9.3","severity":"","vector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.vupen.com/english/advisories/2011/1116","name":"http://www.vupen.com/english/advisories/2011/1116","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2011/1115","name":"http://www.vupen.com/english/advisories/2011/1115","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/47596","name":"http://www.securityfocus.com/bid/47596","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Advantech Studio ISSymbol ActiveX Control Multiple Buffer Overflow Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/42928","name":"http://secunia.com/advisories/42928","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Advantech ISSymbol ActiveX Control Multiple Buffer Overflow Vulnerabilities - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-02.pdf","name":"http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-02.pdf","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"404 - File Not Found | CISA","mime":"application/pdf","httpstatus":"404","archivestatus":"200"},{"url":"http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03","name":"http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"InduSoft ISSymbol ActiveX Control Buffer Overflow | ICS-CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/secunia_research/2011-36/","name":"http://secunia.com/secunia_research/2011-36/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Secunia - The Leading Provider of Vulnerability Management and Vulnerability Intelligence Solutions","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm","name":"http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Advantech Studio Test Web Server Buffer Overflow Notice","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/secunia_research/2011-37/","name":"http://secunia.com/secunia_research/2011-37/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Secunia - The Leading Provider of Vulnerability Management and Vulnerability Intelligence Solutions","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.indusoft.com/hotfixes/hotfixes.php","name":"http://www.indusoft.com/hotfixes/hotfixes.php","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"InduSoft Web Studio - Hotfix Request","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/43116","name":"http://secunia.com/advisories/43116","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"InduSoft ISSymbol ActiveX Control Multiple Buffer Overflow Vulnerabilities - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2011-0340","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0340","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2011","cve_id":"340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"advantech","cpe5":"advantech_studio","cpe6":"6.1","cpe7":"sp6_61.6.01.05","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"indusoft","cpe5":"thin_client","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"indusoft","cpe5":"web_studio","cpe6":"6.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"340","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"indusoft","cpe5":"web_studio","cpe6":"6.1","cpe7":"sp6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"340","vulnerable":"1","versionEndIncluding":"7.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"indusoft","cpe5":"web_studio","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2011-0340","qid":"590851","title":"Advantech Studio ISSymbol ActiveX Buffer Overflow Multiple Vulnerabilities (ICSA-12-137-02)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T21:51:07.976Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"43116","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/43116"},{"name":"47596","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/47596"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://secunia.com/secunia_research/2011-37/"},{"name":"ADV-2011-1116","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2011/1116"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03"},{"name":"42928","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/42928"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-02.pdf"},{"name":"ADV-2011-1115","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2011/1115"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.indusoft.com/hotfixes/hotfixes.php"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://secunia.com/secunia_research/2011-36/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2011-04-27T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2012-05-22T09:00:00.000Z","orgId":"44d08088-2bea-4760-83a6-1e9be26b15ab","shortName":"flexera"},"references":[{"name":"43116","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/43116"},{"name":"47596","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/47596"},{"tags":["x_refsource_MISC"],"url":"http://secunia.com/secunia_research/2011-37/"},{"name":"ADV-2011-1116","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2011/1116"},{"tags":["x_refsource_MISC"],"url":"http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03"},{"name":"42928","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/42928"},{"tags":["x_refsource_MISC"],"url":"http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-02.pdf"},{"name":"ADV-2011-1115","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2011/1115"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.indusoft.com/hotfixes/hotfixes.php"},{"tags":["x_refsource_MISC"],"url":"http://secunia.com/secunia_research/2011-36/"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"PSIRT-CNA@flexerasoftware.com","ID":"CVE-2011-0340","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"43116","refsource":"SECUNIA","url":"http://secunia.com/advisories/43116"},{"name":"47596","refsource":"BID","url":"http://www.securityfocus.com/bid/47596"},{"name":"http://secunia.com/secunia_research/2011-37/","refsource":"MISC","url":"http://secunia.com/secunia_research/2011-37/"},{"name":"ADV-2011-1116","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2011/1116"},{"name":"http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03","refsource":"MISC","url":"http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03"},{"name":"42928","refsource":"SECUNIA","url":"http://secunia.com/advisories/42928"},{"name":"http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-02.pdf","refsource":"MISC","url":"http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-02.pdf"},{"name":"ADV-2011-1115","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2011/1115"},{"name":"http://www.indusoft.com/hotfixes/hotfixes.php","refsource":"CONFIRM","url":"http://www.indusoft.com/hotfixes/hotfixes.php"},{"name":"http://secunia.com/secunia_research/2011-36/","refsource":"MISC","url":"http://secunia.com/secunia_research/2011-36/"},{"name":"http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm","refsource":"CONFIRM","url":"http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm"}]}}}},"cveMetadata":{"assignerOrgId":"44d08088-2bea-4760-83a6-1e9be26b15ab","assignerShortName":"flexera","cveId":"CVE-2011-0340","datePublished":"2011-05-04T22:00:00.000Z","dateReserved":"2011-01-06T00:00:00.000Z","dateUpdated":"2024-08-06T21:51:07.976Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2011-05-04 22:55:01","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-119","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:advantech:advantech_studio:6.1:sp6_61.6.01.05:*:*:*:*:*:*","matchCriteriaId":"9D2F2836-EF2C-4110-8740-0F32957B0FCA"},{"vulnerable":true,"criteria":"cpe:2.3:a:indusoft:thin_client:7.0:*:*:*:*:*:*:*","matchCriteriaId":"26902C28-F3E8-488D-B8F5-4A1E8C731FC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:indusoft:web_studio:*:*:*:*:*:*:*:*","versionEndIncluding":"7.0","matchCriteriaId":"8E16C750-58D3-4BED-AB96-52B7365ED5C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:indusoft:web_studio:6.1:*:*:*:*:*:*:*","matchCriteriaId":"82BF1958-F098-4E55-B97C-F15253A63228"},{"vulnerable":true,"criteria":"cpe:2.3:a:indusoft:web_studio:6.1:sp6:*:*:*:*:*:*","matchCriteriaId":"88A43470-16F3-4B89-A8A3-8B77880A315D"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2011","CveId":"340","Ordinal":"1","Title":"CVE-2011-0340","CVE":"CVE-2011-0340","Year":"2011"},"notes":[{"CveYear":"2011","CveId":"340","Ordinal":"1","NoteData":"Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.","Type":"Description","Title":"CVE-2011-0340"},{"CveYear":"2011","CveId":"340","Ordinal":"2","NoteData":"2011-05-04","Type":"Other","Title":"Published"},{"CveYear":"2011","CveId":"340","Ordinal":"3","NoteData":"2012-05-22","Type":"Other","Title":"Modified"}]}}}