CVE-2011-4042
Published 2012-04-03
Priority P354 · critical · 9.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 6.45% (92.9th percentile)
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to obtain control of a function pointer.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arcinfo | pcvue | — | — |
| arcinfo | pcvue | — | — |
| arcinfo | pcvue | — | — |
| arcinfo | pcvue | — | — |
Detection & IOCs
- bytes: 8b00 ff5004 (mov eax,[eax]; call [eax+4]) at offset 02695b9d in SVUIGrd.ocx
- bytes: 8902 (mov [edx],eax) at offset 02198e36 in SVUIGrd.ocx
- Monitor for instantiation of ActiveX CLSIDs 2BBD45A5-28AE-11D1-ACAC-0800170967D9 (SVUIGrd.ocx) and 083B40D3-CCBA-11D2-AFE0-00C04F7993D6 (aipgctl.ocx) from within browser processes (e.g., iexplore.exe), which may indicate exploitation via a crafted HTML document.
- The vulnerable SaveObject/LoadObject methods in SVUIGrd.ocx use the aStream parameter directly as a function pointer; detect calls to these methods with attacker-controlled numeric arguments from untrusted HTML contexts.
- The GetExtendedColor method of SVUIGrd.ocx enables an arbitrary 4-byte memory write (write-what-where); monitor for abnormal memory write patterns originating from SVUIGrd.ocx loaded in browser processes.
- The SaveObject/LoadObject methods accept a filename parameter susceptible to directory traversal; monitor file system activity from SVUIGrd.ocx for writes/reads outside expected directories using path sequences such as '../'.
- The DeletePage method of aipgctl.ocx (CLSID 083B40D3-CCBA-11D2-AFE0-00C04F7993D6) is vulnerable to an array overflow leading to code execution; detect invocation of DeletePage with out-of-bounds index values from browser/HTML contexts.
- Exploitation requires social engineering to lure a target to a malicious site or open a crafted HTML e-mail; the affected software does not need to be running for the vulnerability to be exploited.
- SVUIGrd.ocx version 1.5.1.0 and aipgctl.ocx version 1.07.3702 are the confirmed vulnerable versions; versions of SVUIGrd.ocx beyond 1.5.1.0 may not be affected.
- Public PoC exploit code exists for these vulnerabilities, lowering the bar for exploitation.
GHSA
GHSA-2f29-qx45-3v8j: An unspecified ActiveX control in SVUIGrd
ghsa_unreviewed · 2022-05-17
CVE-2011-4042 [HIGH] GHSA-2f29-qx45-3v8j: An unspecified ActiveX control in SVUIGrd
CISA ICS
ARC Informatique PcVue HMI/SCADA ActiveX Vulnerabilities
cisa_ics · 2018-09-06
## Archived Content
In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
Last Revised: September 06, 2018
Alert Code: ICSA-11-340-01
## Overview
This Advisory is a follow-up to the Alert, “ICS-ALERT-11-271-01 - ARC Informatique PcVue HMI/SCADA ActiveX Vulnerabilities.”
ICS-CERT is aware of publicly and privately disclosed reports of four vulnerabilities in ARC Informatique’s PcVue application. These vulnerabilities include:
- potential to write memory
- possible file corruption
- remote code execution
- denial of service.
Independent researcher Kuang-Chun Hung of Security Research and Service
- http://www.pcvuesolutions.com/index.php?option=com_content&view=article&id=244&Itemid=257
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf
- https://support.pcvuescada.com/index.php?option=com_k2&view=item&id=512&Itemid=440