CVE-2016-5781
published 2016-07-12CVE-2016-5781: Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file.
PriorityP339high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EPSS
14.86%
96.3th percentile
Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file.
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
WECON LeviStudio Buffer Overflow Vulnerabilities
cisa_ics·2018-08-23·CVSS 7.8
[HIGH] WECON LeviStudio Buffer Overflow Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
WECON LeviStudio Buffer Overflow Vulnerabilities
Last RevisedAugust 23, 2018
Alert CodeICSA-16-189-01
## OVERVIEW
Independent security researchers Rocco Calvi and Brian Gorenc, working with Trend Micro’s Zero Day Initiative, have identified buffer overflow vulnerabilities in WECON’s LeviStudio software. WECON has not released a product fix to addresses the buffer overflow vulnerabilities in the LeviStudio software.
## AFFECTED PRODUCTS
The following LeviStudio versions are affected:
- LeviStudio, all versions.
## IMPACT
Successful exploitation of these vulnerabilities may a
GHSA
GHSA-mr99-mrrj-m2g2: Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file
ghsa_unreviewed·2022-05-17
CVE-2016-5781 [HIGH] CWE-119 GHSA-mr99-mrrj-m2g2: Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file
Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2016-07-12
Published