CVE-2012-0257: Buffer Overflow

First published: Mon Apr 02 2012(Updated: )

Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA Application Object Toolkit 3.2 and earlier, and InTouch 10.0 through 10.5 might allow remote attackers to execute arbitrary code via a long string to the Open member, leading to a function-pointer overwrite.

Credit: cret@cert.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/weakness
• agent/references
• agent/author
• agent/severity
• agent/type
• agent/description
• agent/event
• agent/softwarecombine
• agent/first-publish-date
• agent/last-modified-date
• agent/tags
• collector/mitre-cve
• source/MITRE
• vendor/invensys
• canonical/invensys archestra application object toolkit
• version/invensys archestra application object toolkit/3.2
• canonical/invensys foxboro control software
• version/invensys foxboro control software/3.1
• canonical/invensys infusion control edition
• version/invensys infusion control edition/2.5
• canonical/invensys infusion foundation edition
• version/invensys infusion foundation edition/2.5
• canonical/invensys infusion scada
• version/invensys infusion scada/2.5
• canonical/invensys intouch
• version/invensys intouch/10.0
• version/invensys intouch/10.5
• canonical/invensys wonderware application server
• version/invensys wonderware application server/2012
• canonical/invensys wonderware information server
• version/invensys wonderware information server/4.5
• version/invensys wonderware information server/3.1
• version/invensys wonderware information server/4.0
• version/invensys wonderware information server/4.0-sp1