CVE-2014-8269 – Honeywell OPOS Suite HWOPOSScale.ocx Open Method Stack Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2014-8269

Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) HWOPOSSCANNER.ocx in Honeywell OPOS Suite before 1.13.4.15 allow remote attackers to execute arbitrary code via a crafted file that is improperly handled by the Open method. Múltiples desbordamientos de buffer basado en pila en (1) HWOPOSScale.ocx y (2) HWOPOSSCANNER.ocx en Honeywell OPOS Suite anteriores a 1.13.4.15, permiten a atacantes remotos ejecutar código arbitrario a través de un fichero manipulado que es manejado de forma indebida por el método Open. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell OPOS Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the HWOPOSScale.ocx. The control does not check the length of an attacker-supplied string to the Open method before copying it into a fixed length buffer on the stack. • http://www.kb.cert.org/vuls/id/659684 http://www.zerodayinitiative.com/advisories/ZDI-14-423 http://www.zerodayinitiative.com/advisories/ZDI-14-424 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •