1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: InduSoft Web Studio ISSymbol CVE-2011-0340

Web Attack: InduSoft Web Studio ISSymbol CVE-2011-0340

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a heap based buffer overflow vulnerability in Advantech Studio ISSymbol ActiveX Control.

Additional Information

Advantech Studio is an integrated collection of automation tools.

The Advantech Studio ISSymbol ActiveX control ('ISSymbol.ocx') is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate checks on user-supplied input.

1. A heap-based buffer-overflow vulnerability occurs while processing an overly large string in the 'InternationalOrder' property.

2. A heap-based buffer-overflow vulnerability occurs while processing an overly large string in the 'InternationalSeparator' property.

3. A stack-based buffer-overflow vulnerability occurs while handling an overly large string in the 'bstrFileName' parameter of the 'OpenScreen()' function.

4. A stack-based buffer-overflow vulnerability occurs while processing an overly large string in the 'LogFileName' property during the creation of a log file.

Attackers may exploit these issues to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

Affected

  • Advantech Studio 6.1 SP6 Build 61.6.01.05 is vulnerable; other versions may also be affected.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube