ID

VAR-E-201109-0165


TITLE

BroadWin WebAccess Client 'bwocxrun.ocx' Multiple Remote Vulnerabilities

Trust: 0.3

sources: BID: 49428

DESCRIPTION

BroadWin WebAccess Client is prone to multiple remote vulnerabilities, including:
1. A format-string vulnerability
2. Multiple memory corruption vulnerabilities
Attackers could exploit these issues to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.
BroadWin WebAccess Client 7.0 is vulnerable; other versions may also be affected.

Trust: 0.3

sources: BID: 49428

AFFECTED PRODUCTS

vendor: advantech, model: broadwin webaccess, scope: eq, version: 7.0

Trust: 0.3

sources: BID: 49428

EXPLOIT

The following proof of concept and exploit code is available:
/data/vulnerabilities/exploits/bwocxrun_1.zip
/data/vulnerabilities/exploits/49428.htm

Trust: 0.3

sources: BID: 49428

PRICE

Free

Trust: 0.3

sources: BID: 49428

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 49428

CREDITS

Luigi Auriemma

Trust: 0.3

sources: BID: 49428

EXTERNAL IDS

db: ICS CERT ALERT, id: ICS-ALERT-11-245-01

Trust: 0.3

db: BID, id: 49428

Trust: 0.3

sources: BID: 49428

REFERENCES

url:http://webaccess.advantech.com/

Trust: 0.3

url:http://www.us-cert.gov/control_systems/pdf/ics-alert-11-245-01.pdf

Trust: 0.3

url:http://support.microsoft.com/kb/240797

Trust: 0.3

url:http://aluigi.altervista.org/adv/bwocxrun_1-adv.txt

Trust: 0.3

sources: BID: 49428

SOURCES

db: BID, id: 49428

LAST UPDATE DATE

2022-07-27T09:40:42.874000+00:00


SOURCES UPDATE DATE

db: BID, id: 49428, date: 2011-10-31T19:53:00

SOURCES RELEASE DATE

db: BID, id: 49428, date: 2011-09-02T00:00:00