CVE-2011-0340

InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.

Múltiples desbordamientos de buffer en el control ActiveX ISSymbol de ISSymbol.ocx 61.6.0.0 y 301.1009.2904.0 de la máquina virtual ISSymbol, como se ha distribuído en Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio anteriores a 7.0+SP1, y InduSoft Thin Client 7.0. Permite a atacantes remotos ejecutar código de su elección a través de los valores de propiedades extensos (1) InternationalOrder, (2) InternationalSeparator, o (3) LogFileName; o (4) un argumento bstrFileName extenso al método OpenScreen.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within ISSymbol.ocx ActiveX component. The process performs insufficient bounds checking on user-supplied data passed in as the 'InternationalSeparator' parameter which results in a heap overflow. This vulnerability can be leveraged to execute code under the context of the user running the browser.

*Credits: Alexander Gavrun

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-01-06 CVE Reserved
2011-05-04 CVE Published
2012-12-20 First Exploit
2024-08-06 CVE Updated
2024-11-12 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (12)

URL	Tag	Source
http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03	X_refsource_misc
http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm	X_refsource_confirm
http://www.indusoft.com/hotfixes/hotfixes.php	X_refsource_confirm
http://www.securityfocus.com/bid/47596	Vdb Entry
http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-02.pdf	X_refsource_misc

URL	Date	SRC
https://www.exploit-db.com/exploits/23500	2012-12-20

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/42928	2013-05-21
http://secunia.com/advisories/43116	2013-05-21
http://secunia.com/secunia_research/2011-36	2013-05-21
http://secunia.com/secunia_research/2011-37	2013-05-21
http://www.vupen.com/english/advisories/2011/1115	2013-05-21
http://www.vupen.com/english/advisories/2011/1116	2013-05-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Advantech Search vendor "Advantech"		Advantech Studio Search vendor "Advantech" for product "Advantech Studio"				6.1 Search vendor "Advantech" for product "Advantech Studio" and version "6.1"		sp6_61.6.01.05		Affected
Indusoft Search vendor "Indusoft"		Thin Client Search vendor "Indusoft" for product "Thin Client"				7.0 Search vendor "Indusoft" for product "Thin Client" and version "7.0"		-		Affected
Indusoft Search vendor "Indusoft"		Web Studio Search vendor "Indusoft" for product "Web Studio"				<= 7.0 Search vendor "Indusoft" for product "Web Studio" and version " <= 7.0"		-		Affected
Indusoft Search vendor "Indusoft"		Web Studio Search vendor "Indusoft" for product "Web Studio"				6.1 Search vendor "Indusoft" for product "Web Studio" and version "6.1"		-		Affected
Indusoft Search vendor "Indusoft"		Web Studio Search vendor "Indusoft" for product "Web Studio"				6.1 Search vendor "Indusoft" for product "Web Studio" and version "6.1"		sp6		Affected