CVSS: 7.5EPSS: 29%CPEs: 1EXPL: 0CVE-2015-0986 – Moxa VPort ActiveX SDK PLUS GetClientReg Name Parameter Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0986
Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus before 2.8 allow remote attackers to insert assembly-code lines via vectors involving a regkey (1) set or (2) get command. Múltiples desbordamientos de buffer basado en pila en Moxa VPort ActiveX SDK Plus anterior a 2.8 permiten a atacantes remotos insertar líneas de código de montaje a través de vectores que involucran un comando regkey (1) set o (2) get. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VPort ActiveX SDK PLUS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the VPORTSDK.VPortSDKCtrl.1 ActiveX control. By passing an overly long string to the GetClientReg method's Name parameter, an attacker can overflow a buffer on the stack. • http://www.moxa.com/support/download.aspx?d_id=2114 http://www.securityfocus.com/bid/73960 http://www.zerodayinitiative.com/advisories/ZDI-15-392 https://ics-cert.us-cert.gov/advisories/ICSA-15-097-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 80%CPEs: 1EXPL: 3CVE-2010-4742 – MOXA MediaDBPlayback - ActiveX Control Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-4742
Stack-based buffer overflow in a certain ActiveX control in MediaDBPlayback.DLL 2.2.0.5 in the Moxa ActiveX SDK allows remote attackers to execute arbitrary code via a long PlayFileName property value. Un desbordamiento de búfer basado en pila en un determinado control ActiveX en MediaDBPlayback.DLL v2.2.0.5 en Moxa ActiveX SDK permite a atacantes remotos ejecutar código arbitrario mediante un valor de la propiedad PlayFileName demasiado largo. • https://www.exploit-db.com/exploits/16685 http://reversemode.com/index.php?option=com_content&task=view&id=70&Itemid=1 http://www.metasploit.com/modules/exploit/windows/fileformat/moxa_mediadbplayback http://www.osvdb.org/68986 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •