CVE-2012-2515
Published 2012-07-05
Priority: P262 (critical)
CVSS 2.0: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 27.59% (97.8th percentile)
Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| emc | captiva_quickscan_pro | — | — |
| emc | documentum_applicationxtender_desktop | — | — |
| ge | intelligent_platforms_proficy_batch_execution | — | — |
| ge | intelligent_platforms_proficy_historian | — | — |
| ge | intelligent_platforms_proficy_historian | — | — |
| ge | intelligent_platforms_proficy_historian | — | — |
| ge | intelligent_platforms_proficy_historian | — | — |
| ge | intelligent_platforms_proficy_hmi_scada_ifix | — | — |
| ge | intelligent_platforms_proficy_hmi_scada_ifix | — | — |
| ge | intelligent_platforms_proficy_pulse | — | — |
| ge | intelligent_platforms_si7_i_o_driver | — | — |
| ge | intelligent_platforms_si7_i_o_driver | — | — |
Detection & IOCs (extracted from sources)
- Detect presence of KeyHelp.ocx version 1.2.3120.0 on endpoints; its presence in affected products (EMC ApplicationXtender 5.4, GE Proficy suite) indicates exposure to this vulnerability.
- The attack vector is drive-by / social engineering: a user must visit a malicious website. Monitor web proxy logs for suspicious ActiveX object instantiation patterns targeting KeyHelp.KeyCtrl.1.
- A Metasploit module exists for this vulnerability (windows/fileformat/emc_appextender_keyworks); monitor endpoint security tools for exploit attempts matching this module's file-format attack pattern.
- GE recommends unregistering and deleting KeyHelp.ocx entirely rather than patching; removal instructions are product-specific to avoid breaking functionality.
- At time of advisory publication, no known public exploits specifically targeted these vulnerabilities (though a Metasploit module now exists).
CISA ICS
GE Intelligent Platforms Proficy HTML Help Vulnerabilities (Update A)
cisa_ics·2012-06-27·CVSS 9.3
[CRITICAL] GE Intelligent Platforms Proficy HTML Help Vulnerabilities (Update A)
Last Revised: August 21, 2018
Alert Code: ICSA-12-131-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: GE
- Equipment: Intelligent Platforms
- Vulnerabilities: Stack-based Buffer Overflow, Command Injection
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-12-131-02 GE Intelligent Platforms Proficy HTML Help Vulnerabilities that was published June 27, 2012, on the NCCIC/ICS-CERT website.
## 3. RIS
GHSA
GHSA-c4f6-gg76-2x9x: Multiple stack-based buffer overflows in the KeyHelp
ghsa_unreviewed·2022-05-17
CVE-2012-2515 [HIGH] CWE-119 GHSA-c4f6-gg76-2x9x: Multiple stack-based buffer overflows in the KeyHelp
- http://retrogod.altervista.org/9sg_emc_keyhelp.html
- http://secunia.com/advisories/36905
- http://secunia.com/advisories/36914
- http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14863/en_US/GEIP12-04%20Security%20Advisory%20-%20Proficy%20HTML%20Help.pdf
- http://www.securityfocus.com/bid/36546
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-02.pdf
- http://www.vupen.com/english/advisories/2009/2793
- http://www.vupen.com/english/advisories/2009/2795