InduSoft Web Studio 'CEServer' Component Stack-Based Buffer Overflow Vulnerability
BID:50677
Info
InduSoft Web Studio 'CEServer' Component Stack-Based Buffer Overflow Vulnerability
| Bugtraq ID: | 50677 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2011-4052 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 15 2011 12:00AM |
| Updated: | Nov 16 2011 08:05PM |
| Credit: | Luigi Auriemma through Zero Day Initiative. |
| Vulnerable: |
Indusoft Web Studio 7.0 Indusoft Web Studio 6.1 |
| Not Vulnerable: | |
Discussion
InduSoft Web Studio 'CEServer' Component Stack-Based Buffer Overflow Vulnerability
InduSoft Web Studio is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed attacks will likely cause denial-of-service conditions.
InduSoft Web Studio 6.1 and 7.0 are vulnerable.
InduSoft Web Studio is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed attacks will likely cause denial-of-service conditions.
InduSoft Web Studio 6.1 and 7.0 are vulnerable.
Exploit / POC
InduSoft Web Studio 'CEServer' Component Stack-Based Buffer Overflow Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
InduSoft Web Studio 'CEServer' Component Stack-Based Buffer Overflow Vulnerability
Solution:
The vendor released an update. Please see the references for details.
Solution:
The vendor released an update. Please see the references for details.
References
InduSoft Web Studio 'CEServer' Component Stack-Based Buffer Overflow Vulnerability
References:
References:
- InduSoft: Security Updates and Hotfixes (InduSoft)
- Vendor Homepage (InduSoft)
- ICSA-11-319-01�??INDUSOFT WEB STUDIO MULTIPLE REMOTE VULNERABILITIES (CERT)