CVE-2012-2515: Buffer Overflow
First published: Thu Jul 05 2012(Updated: )
Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| EMC Captiva QuickScan Pro | =4.6-sp1 | |
| EMC ApplicationXtender Desktop | =5.4 | |
| GE Intelligent Platforms Proficy Batch Execution | =5.6 | |
| GE Proficy Historian | =3.1 | |
| GE Proficy Historian | =3.5 | |
| GE Proficy Historian | =4.0 | |
| GE Proficy Historian | =4.5 | |
| GE Intelligent Platforms Proficy HMI/SCADA iFIX | =5.0 | |
| GE Intelligent Platforms Proficy HMI/SCADA iFIX | =5.1 | |
| GE Intelligent Platforms Proficy Pulse | =1.0 | |
| GE Intelligent Platforms Si7 I/O Driver | =7.20 | |
| GE Intelligent Platforms Si7 I/O Driver | =7.42 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://retrogod.altervista.org/9sg_emc_keyhelp.html
- http://secunia.com/advisories/36905
- http://secunia.com/advisories/36914
- http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14863/en_US/GEIP12-04%20Security%20Advisory%20-%20Proficy%20HTML%20Help.pdf
- http://www.securityfocus.com/bid/36546
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-02.pdf
- http://www.vupen.com/english/advisories/2009/2793
- http://www.vupen.com/english/advisories/2009/2795
Frequently Asked Questions
What is the severity of CVE-2012-2515?
CVE-2012-2515 is classified as a high severity vulnerability due to multiple stack-based buffer overflows.
How do I fix CVE-2012-2515?
To fix CVE-2012-2515, it is recommended to update the affected software to the latest version provided by the vendor.
Which software is affected by CVE-2012-2515?
CVE-2012-2515 affects EMC Documentum ApplicationXtender Desktop 5.4, EMC Captiva Quickscan Pro 4.6 SP1, and several versions of GE Intelligent Platforms Proficy Historian.
What type of vulnerability is CVE-2012-2515?
CVE-2012-2515 is a buffer overflow vulnerability that can lead to remote code execution.
Is CVE-2012-2515 being actively exploited?
As of now, there are no publicly available reports indicating active exploitation of CVE-2012-2515.
- agent/references
- agent/type
- agent/softwarecombine
- agent/author
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/emc
- canonical/emc captiva quickscan pro
- version/emc captiva quickscan pro/4.6-sp1
- canonical/emc applicationxtender desktop
- version/emc applicationxtender desktop/5.4
- vendor/ge
- canonical/ge intelligent platforms proficy batch execution
- version/ge intelligent platforms proficy batch execution/5.6
- canonical/ge proficy historian
- version/ge proficy historian/3.1
- version/ge proficy historian/3.5
- version/ge proficy historian/4.0
- version/ge proficy historian/4.5
- canonical/ge intelligent platforms proficy hmi/scada ifix
- version/ge intelligent platforms proficy hmi/scada ifix/5.0
- version/ge intelligent platforms proficy hmi/scada ifix/5.1
- canonical/ge intelligent platforms proficy pulse
- version/ge intelligent platforms proficy pulse/1.0
- canonical/ge intelligent platforms si7 i/o driver
- version/ge intelligent platforms si7 i/o driver/7.20
- version/ge intelligent platforms si7 i/o driver/7.42