InduSoft Web Studio 'CEServer.exe' Remote Code Execution Vulnerability
BID:50675
Info
InduSoft Web Studio 'CEServer.exe' Remote Code Execution Vulnerability
| Bugtraq ID: | 50675 |
| Class: | Design Error |
| CVE: |
CVE-2011-4051 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 15 2011 12:00AM |
| Updated: | Oct 04 2012 10:30AM |
| Credit: | Luigi Aurieema work with Zero Day Initiative |
| Vulnerable: |
Indusoft Web Studio 7.0.1 04 Indusoft Web Studio 7.0B2 Hotfix 7.0.01. Indusoft Web Studio 7.0B2 Indusoft Web Studio 7.0 Indusoft Web Studio 6.1 Indusoft Thin Client 7.0 |
| Not Vulnerable: | |
Discussion
InduSoft Web Studio 'CEServer.exe' Remote Code Execution Vulnerability
InduSoft Web Studio is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application.
InduSoft Web Studio is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application.
Exploit / POC
InduSoft Web Studio 'CEServer.exe' Remote Code Execution Vulnerability
The following exploit is available:
The following exploit is available:
Solution / Fix
InduSoft Web Studio 'CEServer.exe' Remote Code Execution Vulnerability
Solution:
The vendor has released updates. Please see the referenced advisory for details.
Solution:
The vendor has released updates. Please see the referenced advisory for details.
References
InduSoft Web Studio 'CEServer.exe' Remote Code Execution Vulnerability
References:
References:
- ICSA-11-319-01�??INDUSOFT WEB STUDIO MULTIPLE REMOTE VULNERABILITIES (US-CERT)
- Vendor Homepage (InduSoft)
- ZDI-11-330 : InduSoft WebStudio Unauthenticated Remote Operations (Zero Day Initiative)