TeeChart ActiveX Control Buffer Overflow Vulnerability

Bugtraq ID:	50837
Class:	Boundary Condition Error
CVE:	CVE-2011-4034
Remote:	Yes
Local:	No
Published:	Nov 28 2011 12:00AM
Updated:	Nov 28 2011 12:00AM
Credit:	Kuang-Chun Hung
Vulnerable:	Steema TeeChart ActiveX Control 0 Schneider-Electric Vijeo Historian 4.30 Schneider-Electric Vijeo Historian 4.20 Schneider-Electric Vijeo Historian 4.10 Schneider-Electric CitectSCADA Reports 4.10 Schneider-Electric Citect Historian 4.30 Schneider-Electric Citect Historian 4.20
Not Vulnerable:

TeeChart ActiveX Control Buffer Overflow Vulnerability

TeeChart ActiveX control is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code within the context of the application using the vulnerable control. Failed exploit attempts will result in a denial-of-service condition.

TeeChart ActiveX Control Buffer Overflow Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

TeeChart ActiveX Control Buffer Overflow Vulnerability

Solution:
Updates are available. Please see the references for more information.

TeeChart ActiveX Control Buffer Overflow Vulnerability

References:

• TeeChart Homepage (Steema Software )
  
• ICSA-11-307-01�??SCHNEIDER ELECTRIC VIJEO HISTORIAN WEB SERVER MULTIPLE VULNERABIL (CERT)
  
• Important security notification - vulnerability in Historian (Schneider Electric)