CVE-2012-1831
published 2012-07-05

CVE-2012-1831: Heap-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555.

Priority P271 · critical · 10 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 15.94% (96.5th percentile)

Affected

6 ranges

Vendor | Product | Version range | Fixed in
wellintech | kingview | <= 6.53 |
wellintech | kingview | |
wellintech | kingview | |
wellintech | kingview | |
wellintech | kingview | |
wellintech | kingview | |

Detection & IOCs (extracted from sources)

port: 555/TCP
process: touchview.exe
command: exploit=("D"*70000)
command: exploit=("B"*80000)
  • Monitor for large TCP streams (70,000–80,000+ bytes) sent to port 555/TCP targeting KingView touchview.exe; oversized single-packet payloads of repeated bytes are characteristic of heap overflow exploitation attempts against this service.
  • Alert on any inbound connection to TCP port 555 on hosts running WellinTech KingView 6.53; the service only listens when the node is configured as a Login Server, so unexpected external connections to this port are high-fidelity indicators.
  • Look for EIP/EAX corruption patterns with value 0x42424242 or 0x44444444 in crash telemetry or process memory dumps of touchview.exe, indicative of successful heap overflow control via the PoC payloads.
  • The vulnerable TCP port 555 is only open when KingView is explicitly configured with the node type set to 'Local is a Login Server'; default configurations may not expose this attack surface.
  • The vendor silently patched this vulnerability; detection rules should still cover unpatched KingView 6.53 deployments, which remain in use in ICS/SCADA environments.
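
The detection notes above, written as triage logic over constructed records. This is an added example, not code from this page or its sources; the record shapes, function names and the 0.95 single-byte dominance cutoff are assumptions, while the port, size floor, process name and register values come from the notes.

```python
from collections import Counter

KINGVIEW_PORT = 555                        # service port named in the advisory
MIN_SUSPICIOUS_LEN = 70_000                # lower bound of the stream sizes quoted above
DOMINANCE = 0.95                           # assumed cutoff: share of one byte value in the stream
FILL_PATTERNS = {0x42424242, 0x44444444}   # register values named in the notes above


def dominant_byte_ratio(payload: bytes) -> float:
    """Fraction of the payload made up of its single most common byte value."""
    if not payload:
        return 0.0
    return Counter(payload).most_common(1)[0][1] / len(payload)


def classify_stream(dst_port: int, payload: bytes) -> str:
    """Classify one reassembled inbound TCP stream (hypothetical record shape)."""
    if dst_port != KINGVIEW_PORT:
        return "ignore"
    if len(payload) >= MIN_SUSPICIOUS_LEN and dominant_byte_ratio(payload) >= DOMINANCE:
        # Oversized stream of near-identical bytes: the pattern in the first note.
        return "alert:oversized-repeated-fill"
    # Any other inbound connection to 555/TCP is still reported, per the second note.
    return "alert:inbound-555"


def crash_shows_fill_pattern(process: str, registers: dict) -> bool:
    """True when a touchview.exe crash record has EIP or EAX equal to a fill value."""
    if process.lower() != "touchview.exe":
        return False
    return any(registers.get(reg) in FILL_PATTERNS for reg in ("eip", "eax"))


if __name__ == "__main__":
    # Constructed sample records, not captured traffic or real crash dumps.
    streams = [(555, b"D" * 70_000), (555, b"\x01\x02login"), (80, b"B" * 80_000)]
    for port, data in streams:
        print(port, len(data), classify_stream(port, data))
    crashes = [("touchview.exe", {"eip": 0x42424242, "eax": 0x0012F000}),
               ("touchview.exe", {"eip": 0x00401000, "eax": 0x00000001})]
    for proc, regs in crashes:
        print(proc, hex(regs["eip"]), crash_shows_fill_pattern(proc, regs))
```

The byte-dominance check keeps large but legitimate transfers from raising the higher-severity alert, so the cutoff should be tuned against real KingView traffic before use.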