The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname.
References
Link | Resource |
---|---|
http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03 | US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2014-04-12T01:00:00
Updated: 2014-04-12T01:57:00
Reserved: 2014-01-02T00:00:00
Link: CVE-2014-0773
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-04-12T04:37:31.707
Modified: 2014-04-14T17:56:26.973
Link: CVE-2014-0773
JSON object: View
Redhat Information
No data.
CWE