BID:51266

Siemens Tecnomatix FactoryLink ActiveX Control Buffer Overflow Vulnerability

Info

Siemens Tecnomatix FactoryLink ActiveX Control Buffer Overflow Vulnerability

Bugtraq ID:	51266
Class:	Boundary Condition Error
CVE:	CVE-2011-4055
Remote:	Yes
Local:	No
Published:	Jan 04 2012 12:00AM
Updated:	Jan 04 2012 12:00AM
Credit:	Kuang-Chun Hung
Vulnerable:	Siemens Tecnomatix FactoryLink 6.6.1 Siemens Tecnomatix FactoryLink 8.0.2.54 Siemens Tecnomatix FactoryLink 7.5.217

Not Vulnerable:

Discussion

Siemens Tecnomatix FactoryLink ActiveX Control Buffer Overflow Vulnerability

Siemens Tecnomatix FactoryLink ActiveX is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code within the context of the application using the vulnerable control (typically Internet Explorer).

The following Siemens Tecnomatix FactoryLink versions are vulnerable:
V8.0.2.54
V7.5.217 (V7.5 SP2)
V6.6.1 (V6.6 SP1)

Exploit / POC

Siemens Tecnomatix FactoryLink ActiveX Control Buffer Overflow Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Siemens Tecnomatix FactoryLink ActiveX Control Buffer Overflow Vulnerability

Solution:
The vendor has released a patch. Please see the references for details.

References

Siemens Tecnomatix FactoryLink ActiveX Control Buffer Overflow Vulnerability

References:

Siemens Tecnomatix FactoryLink Homepage (Siemens)
V ICSA-11-343-01�??SIEMENS FACTORYLINK MULTIPLE ACTIVEX VULNERABILITIES (US-CERT)