CVE-2011-0342
published 2011-09-02CVE-2011-0342: Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ISSymbol.ocx 301.1104.601.0 in InduSoft Web Studio 7.0B2 hotfix 7.0.01.04 allow remote…
PriorityP348critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
5.92%
92.3th percentile
Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ISSymbol.ocx 301.1104.601.0 in InduSoft Web Studio 7.0B2 hotfix 7.0.01.04 allow remote attackers to execute arbitrary code via a long parameter to the (1) Open, (2) Close, or (3) SetCurrentLanguage method.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| indusoft | web_studio | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-45h5-2g4g-9qjg: Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ISSymbol
ghsa_unreviewed·2022-05-17
CVE-2011-0342 [HIGH] CWE-119 GHSA-45h5-2g4g-9qjg: Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ISSymbol
Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ISSymbol.ocx 301.1104.601.0 in InduSoft Web Studio 7.0B2 hotfix 7.0.01.04 allow remote attackers to execute arbitrary code via a long parameter to the (1) Open, (2) Close, or (3) SetCurrentLanguage method.
CISA ICS
InduSoft ISSymbol ActiveX Control Buffer Overflow
cisa_ics·2013-10-28·CVSS 10.0
[CRITICAL] InduSoft ISSymbol ActiveX Control Buffer Overflow
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
InduSoft ISSymbol ActiveX Control Buffer Overflow
Last RevisedOctober 28, 2013
Alert CodeICSA-11-273-02
## Overview
ICS-CERT has received a report from independent security researcher Dmitriy Pletnev of Secunia Research about ActiveX control buffer overflow vulnerabilities with proof-of-concept exploit code affecting the InduSoft ISSymbol product. Secunia has coordinated with InduSoft, who has produced a patch that mitigates these vulnerabilities. ICS-CERT has not validated the patch.
## Affected Products
The vulnerabilities affect InduSoft Web Studio Versions 7.0B2 (Build: 03
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://ics-cert.us-cert.gov/advisories/ICSA-11-273-02http://secunia.com/advisories/44875http://secunia.com/secunia_research/2011-61/http://www.indusoft.com/hotfixes/hotfixes.phphttp://www.securityfocus.com/bid/49403http://ics-cert.us-cert.gov/advisories/ICSA-11-273-02http://secunia.com/advisories/44875http://secunia.com/secunia_research/2011-61/http://www.indusoft.com/hotfixes/hotfixes.phphttp://www.securityfocus.com/bid/49403
2011-09-02
Published