Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx.
References
Link | Resource |
---|---|
http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02 | Third Party Advisory US Government Resource |
http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html | Exploit |
http://www.securityfocus.com/bid/68714 | Exploit |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2014-07-19T01:00:00
Updated: 2015-05-14T17:57:00
Reserved: 2014-03-13T00:00:00
Link: CVE-2014-2364
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-07-19T05:09:27.563
Modified: 2015-08-11T14:38:48.603
Link: CVE-2014-2364
JSON object: View
Redhat Information
No data.
CWE