CVE-2014-9267
PTC IsoView ActiveX Control ViewPort Heap Buffer Overflow Remote Code Execution Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
Heap-based buffer overflow in the PTC IsoView ActiveX control allows remote attackers to execute arbitrary code via a crafted ViewPort property value.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the PTC IsoView ActiveX control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the ViewPort property of the control. By setting the property to a malicious value, an attacker can overflow a statically allocated heap buffer. This could allow the attacker to execute arbitrary code in the context of the browser.
Timeline
- 2014-12-04 CVE Reserved
- 2014-12-04 CVE Published
- 2023-11-15 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (4)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/71491 | Vdb Entry | |
http://www.zerodayinitiative.com/advisories/ZDI-14-398 | X_refsource_misc | |
http://www.zerodayinitiative.com/advisories/ZDI-14-399 | X_refsource_misc | |
https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS181001 | X_refsource_misc | |