CVE-2014-9267 – PTC IsoView ActiveX Control ViewPort Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-9267
Heap-based buffer overflow in the PTC IsoView ActiveX control allows remote attackers to execute arbitrary code via a crafted ViewPort property value.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the PTC IsoView ActiveX control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ViewPort property of the control. By setting the property to a malicious value, an attacker can overflow a statically allocated heap buffer.

• http://www.securityfocus.com/bid/71491
• http://www.zerodayinitiative.com/advisories/ZDI-14-398
• http://www.zerodayinitiative.com/advisories/ZDI-14-399
• https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS181001

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer