CVE-2011-0340: Buffer Overflow
First published: Wed May 04 2011(Updated: )
Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.
Credit: PSIRT-CNA@flexerasoftware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Advantech Studio | =6.1-sp6_61.6.01.05 | |
| InduSoft Thin Client | =7.0 | |
| InduSoft Web Studio | <=7.0 | |
| InduSoft Web Studio | =6.1 | |
| InduSoft Web Studio | =6.1-sp6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/43116
- http://www.securityfocus.com/bid/47596
- http://secunia.com/secunia_research/2011-37/
- http://www.indusoft.com/hotfixes/hotfixes.php
- http://secunia.com/advisories/42928
- http://www.vupen.com/english/advisories/2011/1115
- http://secunia.com/secunia_research/2011-36/
- http://www.vupen.com/english/advisories/2011/1116
- http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-02.pdf
- http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03
Frequently Asked Questions
What is the severity of CVE-2011-0340?
CVE-2011-0340 has been classified as critical due to the potential for remote code execution.
How do I fix CVE-2011-0340?
To fix CVE-2011-0340, you should update the affected software to the latest version that addresses this vulnerability.
Which software is affected by CVE-2011-0340?
CVE-2011-0340 affects ISSymbol ActiveX control in specific versions of InduSoft Web Studio, InduSoft Thin Client, and Advantech Studio.
Can CVE-2011-0340 lead to unauthorized access?
Yes, CVE-2011-0340 can allow remote attackers to execute arbitrary code, potentially leading to unauthorized access.
Is CVE-2011-0340 still a threat in updated versions?
No, newer versions of the affected software have patched CVE-2011-0340, mitigating the threat.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/advantech
- canonical/advantech studio
- version/advantech studio/6.1-sp6_61.6.01.05
- vendor/indusoft
- canonical/indusoft thin client
- version/indusoft thin client/7.0
- canonical/indusoft web studio
- version/indusoft web studio/7.0
- version/indusoft web studio/6.1
- version/indusoft web studio/6.1-sp6