cbcvebase.
CVE-2011-4536
published 2011-12-27

CVE-2011-4536: Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe (aka HistoryServer.exe) in WellinTech KingView 6.53 and 65.30.2010.18018 allows remote…

Priority: P353 | Severity: critical | CVSS 2.0 score: 10
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 8.63% (94.4th percentile)
Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe (aka HistoryServer.exe) in WellinTech KingView 6.53 and 65.30.2010.18018 allows remote attackers to execute arbitrary code via a crafted op-code 3 packet.

Affected (2 ranges)

Vendor | Product | Version range | Fixed in
wellintech | kingview | |
wellintech | kingview | |

Detection & IOCs (extracted from sources)

port: 777/TCP
filename: nettransdll.dll
filename: HistorySvr.exe
command: op-code 3 packet
  • Monitor for inbound TCP connections to port 777 targeting HistorySvr.exe / HistoryServer.exe, particularly packets that exceed a specified length — indicative of the heap overflow trigger.
  • Inspect traffic to port 777/TCP for op-code 3 packets with anomalous or oversized payloads directed at WellinTech KingView HistoryServer.
  • Alert on unexpected crashes or restarts of HistorySvr.exe / HistoryServer.exe, which may indicate exploitation attempts of the heap overflow.
  • Firewall rules blocking port 777/TCP are recommended as a primary mitigation to prevent remote exploitation.
  • No known exploits specifically targeting this vulnerability were identified at time of advisory publication, but the vulnerability is remotely exploitable with intermediate skill level.