Automated Solutions Modbus RTU/ASCII/TCP Slave ActiveX Control Heap Buffer Overflow Vulnerability
BID:25713
Info
| Bugtraq ID: | 25713 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-4827 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 18 2007 12:00AM |
| Updated: | Nov 03 2008 11:15PM |
| Credit: | Ganesh Devarajan of TippingPoint DVLabs is credited with the discovery of this vulnerability. |
| Vulnerable: | Automated Solutions Modbus TCP Slave ActiveX Control Heap Corruption 0 |
| Not Vulnerable: | |
Discussion
The Automated Solutions Modbus RTU/ASCII/TCP Slave ActiveX control is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue will allow an attacker to execute arbitrary code within the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.
Exploit / POC
Currently we are not aware of any working exploits for this issue.
Solution / Fix
Solution:
The vendor has released an update to address this issue. Contact the vendor for details on obtaining and applying the appropriate updates.
References
References:
- Automated Solutions Homepage (Automated Solutions)
- Automated Solutions Modbus TCP Slave ActiveX Control Heap Corruption Vulnerabili (Tipping Point)
- Vulnerability Note VU#981849 Automated Solutions Modbus TCP Slave ActiveX Contro (US-CERT)