CVE-2017-14010
https://notcve.org/view.php?id=CVE-2017-14010
In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. En SpiderControl MicroBrowser en Windows XP, Vista 7, 8 y 10, en sus versiones 1.6.30.144 y anteriores, se ha identificado una vulnerabilidad no controlada del elemento de ruta de búsqueda que podría explotarse colocando un archivo DLL especialmente manipulado en la ruta de búsqueda. Si el DLL malicioso se carga antes que el DLL válido, un atacante podría ejecutar código arbitrario en el sistema. • http://spidercontrol.net/download/downloadarea/?lang=en http://www.securityfocus.com/bid/101505 https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01 • CWE-427: Uncontrolled Search Path Element •
CVE-2017-12707 – SpiderControl SCADA MicroBrowser StaticHTMLTagsFileName Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-12707
A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow. Se ha descubierto un problema de desbordamiento de búfer basado en pila en SpiderControl SCADA MicroBrowser en su versión 1.6.30.144 y anteriores. Abrir un archivo html manipulado maliciosamente podría provocar un desbordamiento de la pila. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SpiderControl SCADA MicroBrowser. • http://www.securityfocus.com/bid/100453 https://ics-cert.us-cert.gov/advisories/ICSA-17-234-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •