CVE-2010-2974

https://notcve.org/view.php?id=CVE-2010-2974

Stack-based buffer overflow in the IConfigurationAccess interface in the Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control in Wonderware Application Server (WAS) before 3.1 SP2 P01, as used in the Wonderware Archestra Integrated Development Environment (IDE) and the InFusion Integrated Engineering Environment (IEE), allows remote attackers to execute arbitrary code via the first argument to the UnsubscribeData method. Desbordamiento de búfer basado en pila en la interfaz IConfigurationAccess en el control ActiveX Invensys Wonderware Archestra ConfigurationAccessComponent de Wonderware Application Server (WAS) anterior a v3.1 SP2 P01, como el usado en el Wonderware Archestra Integrated Development Environment (IDE) y el InFusion Integrated Engineering Environment (IEE), permite a los atacantes remotos ejecutar código a su elección a través del primer argumento del método UnsubscribeData. • http://www.kb.cert.org/vuls/id/703189 http://www.kb.cert.org/vuls/id/MORO-87MHPT http://www.pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsID=203108 https://wdnresource.wonderware.com/support/kbcd/html/1/t002492.htm • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •