CVE-2011-4874
published 2012-04-13CVE-2011-4874: Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service…
PriorityP431high7.9CVSS 2.0
AVAACMAuNCCICAC
EPSS
1.53%
71.6th percentile
Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsys | promotic | <= 8.1.6 | — |
| microsys | promotic | — | — |
| microsys | promotic | — | — |
| microsys | promotic | — | — |
| microsys | promotic | — | — |
| microsys | promotic | — | — |
| microsys | promotic | — | — |
| microsys | promotic | — | — |
| microsys | promotic | — | — |
| microsys | promotic | — | — |
| microsys | promotic | — | — |
| microsys | promotic | — | — |
| microsys | promotic | — | — |
| microsys | promotic | — | — |
| microsys | promotic | — | — |
| microsys | promotic | — | — |
| microsys | promotic | — | — |
| microsys | promotic | — | — |
| microsys | promotic | — | — |
| microsys | promotic | — | — |
| microsys | promotic | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-h7qp-fq3x-p47w: Use-after-free vulnerability in MICROSYS PROMOTIC before 8
ghsa_unreviewed·2022-05-17
CVE-2011-4874 [HIGH] GHSA-h7qp-fq3x-p47w: Use-after-free vulnerability in MICROSYS PROMOTIC before 8
Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file.
CISA ICS
MICROSYS PROMOTIC Use After Free Vulnerability
cisa_ics·2018-09-06
MICROSYS PROMOTIC Use After Free Vulnerability
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
MICROSYS PROMOTIC Use After Free Vulnerability
Last RevisedSeptember 06, 2018
Alert CodeICSA-12-102-03
## Overview
This advisory is a follow-up to ICS-ALERT-11-333-01 - MICROSYS PROMOTIC Use-After-Free Vulnerability, released on the ICS-CERT Web site on November 28, 2011.
Independent researcher Luigi Auriemma has identified and released proof of concept code (POC) for a use after free vulnerability in the MICROSYS, spol. s r.o. PROMOTIC application without coordination with ICS-CERT, the vendor, or any other known coordinating entity.
ICS-CERT has coordinated this vulnerabilit
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.promotic.eu/en/pmdoc/News.htm#ver80107http://www.securityfocus.com/bid/52988http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdfhttps://exchange.xforce.ibmcloud.com/vulnerabilities/74846http://www.promotic.eu/en/pmdoc/News.htm#ver80107http://www.securityfocus.com/bid/52988http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdfhttps://exchange.xforce.ibmcloud.com/vulnerabilities/74846
2012-04-13
Published