PROMOTIC Use After Free Remote Code Execution Vulnerability
BID:52988
Info
PROMOTIC Use After Free Remote Code Execution Vulnerability
| Bugtraq ID: | 52988 |
| Class: | Design Error |
| CVE: |
CVE-2011-4874 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 11 2012 12:00AM |
| Updated: | Apr 11 2012 12:00AM |
| Credit: | Luigi Auriemma |
| Vulnerable: |
PROMOTIC PROMOTIC 8.1.5 PROMOTIC PROMOTIC 8.1.4 PROMOTIC PROMOTIC 8.1.3 |
| Not Vulnerable: |
PROMOTIC PROMOTIC 8.1.7 |
Discussion
PROMOTIC Use After Free Remote Code Execution Vulnerability
PROMOTIC is prone to a remote code-execution vulnerability due to a use-after-free error.
An attacker can leverage this issue to execute arbitrary code with the context of the affected application. This may allow lead to corruption of valid data.
Versions prior to PROMOTIC 8.1.7 are vulnerable.
PROMOTIC is prone to a remote code-execution vulnerability due to a use-after-free error.
An attacker can leverage this issue to execute arbitrary code with the context of the affected application. This may allow lead to corruption of valid data.
Versions prior to PROMOTIC 8.1.7 are vulnerable.
Exploit / POC
PROMOTIC Use After Free Remote Code Execution Vulnerability
Reports indicate that proof-of-concept code is available. Please see the references for more information.
Reports indicate that proof-of-concept code is available. Please see the references for more information.
Solution / Fix
PROMOTIC Use After Free Remote Code Execution Vulnerability
Solution:
Updates are available. Please see the reference for more details.
Solution:
Updates are available. Please see the reference for more details.
References
PROMOTIC Use After Free Remote Code Execution Vulnerability
References:
References:
- ICSA-12-102-03�??MICROSYS PROMOTIC USE AFTER FREE VULNERABILITY (ICS-CERT)
- Promotic Homepage (MICROSYS, spol. s r.o.)