CVE-2014-5424 – Rockwell Automation Connected Components Workbench RA.ViewElements.Row.1 Arbitrary Write Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2014-5424

Rockwell Automation Connected Components Workbench (CCW) before 7.00.00 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an invalid property value to an ActiveX control that was built with an outdated compiler. Rockwell Automation Connected Components Workbench (CCW) anterior a 7.00.00 permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) o la posibilidad de ejecutar código arbitrario a través de una propiedad inválida en el control del ActiveX que fue compilado con un compilador obsoleto. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the RA.ViewElements.Row.1 ActiveXControl method. By providing a malicious value to the BackColor property, an attacker can write an uncontrolled four byte value to an arbitrary location. • https://ics-cert.us-cert.gov/advisories/ICSA-14-294-01 • CWE-264: Permissions, Privileges, and Access Controls •