CVE-2014-0772
Advantech WebAccess bwocxrun.ocx OpenUrlToBufferTimeout Information Disclosure Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.
El método OpenUrlToBufferTimeout en el control BWOCXRUN.BwocxrunCtrl.1 ActiveX en bwocxrun.ocx en Advantech WebAccess anterior a 7.2 permite a atacantes remotos leer archivos arbitrarios a través de un fichero: URL.
This vulnerability allows remote attackers to access arbitrary files on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the bwocxrun.ocx cntrol. The control exposes a method 'OpenBufferToUrlTimeout' which allows an attacker to access the contents of an arbitrary URL (including a file URL). An attacker can use this to access any file on the system or the content of any remote URL which is accessible in the current context of the browser.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-01-02 CVE Reserved
- 2014-04-12 CVE Published
- 2024-08-06 CVE Updated
- 2024-10-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03 | Us Government Resource |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Advantech Search vendor "Advantech" | Advantech Webaccess Search vendor "Advantech" for product "Advantech Webaccess" | <= 7.1 Search vendor "Advantech" for product "Advantech Webaccess" and version " <= 7.1" | - |
Affected
| ||||||
Advantech Search vendor "Advantech" | Advantech Webaccess Search vendor "Advantech" for product "Advantech Webaccess" | 5.0 Search vendor "Advantech" for product "Advantech Webaccess" and version "5.0" | - |
Affected
| ||||||
Advantech Search vendor "Advantech" | Advantech Webaccess Search vendor "Advantech" for product "Advantech Webaccess" | 6.0 Search vendor "Advantech" for product "Advantech Webaccess" and version "6.0" | - |
Affected
| ||||||
Advantech Search vendor "Advantech" | Advantech Webaccess Search vendor "Advantech" for product "Advantech Webaccess" | 7.0 Search vendor "Advantech" for product "Advantech Webaccess" and version "7.0" | - |
Affected
|