CVE-2011-4536
Published 2011-12-27
CVE-2011-4536: Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe (aka HistoryServer.exe) in WellinTech KingView 6.53 and 65.30.2010.18018 allows remote…
Priority P3 (53), critical, CVSS 2.0 score 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 8.63% (94.4th percentile)
Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe (aka HistoryServer.exe) in WellinTech KingView 6.53 and 65.30.2010.18018 allows remote attackers to execute arbitrary code via a crafted op-code 3 packet.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wellintech | kingview | — | — |
| wellintech | kingview | — | — |
Detection & IOCs
- Monitor for inbound TCP connections to port 777 targeting HistorySvr.exe / HistoryServer.exe, particularly packets that exceed a specified length, which is indicative of the heap overflow trigger.
- Inspect traffic to port 777/TCP for op-code 3 packets with anomalous or oversized payloads directed at WellinTech KingView HistoryServer.
- Alert on unexpected crashes or restarts of HistorySvr.exe / HistoryServer.exe, which may indicate exploitation attempts of the heap overflow.
- Firewall rules blocking port 777/TCP are recommended as a primary mitigation to prevent remote exploitation.
- No known exploits specifically targeting this vulnerability were identified at time of advisory publication, but the vulnerability is remotely exploitable with intermediate skill level.
CISA ICS
WellinTech KingView History Server Buffer Overflow
cisa_ics·2013-04-26
ICS Advisory
Last Revised: April 26, 2013
Alert Code: ICSA-11-355-02
## Overview
ICS-CERT has received a report from the Zero Day Initiative (ZDI) concerning a heap-based buffer overflow vulnerability in WellinTech’s Kingview HistoryServer.exe, which may allow a remote, unauthenticated attacker to execute arbitrary code. This vulnerability was reported to ZDI by independent security researcher Luigi Auriemma.
WellinTech has produced a patch that is available for download from its website.
## Affected Products
The following WellinTech KingView
GHSA
GHSA-wgpj-cj2f-hw2w: Heap-based buffer overflow in nettransdll
ghsa_unreviewed·2022-05-17
CVE-2011-4536 [HIGH] CWE-119 GHSA-wgpj-cj2f-hw2w: Heap-based buffer overflow in nettransdll
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://en.wellintech.com/news/detail.aspx?contentid=166
- http://secunia.com/advisories/47339
- http://www.kingview.com/news/detail.aspx?contentid=587
- http://www.osvdb.org/77992
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-355-02.pdf
- http://www.zerodayinitiative.com/advisories/ZDI-11-351/
Published: 2011-12-27