ID
VAR-E-201310-0368
TITLE
InduSoft Thin Client 'novapi7.dll' ActiveX Control Buffer Overflow Vulnerability
Trust: 0.3
DESCRIPTION
InduSoft Thin Client is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Attackers can exploit this issue to execute arbitrary code in the context of the application (typically Internet Explorer) using the ActiveX control. Failed exploit attempts will likely result in denial-of-service conditions.
InduSoft Thin Client 7.1 is vulnerable; other versions may also be affected.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | indusoft | model: | thin client | scope: | eq | version: | 7.1 | Trust: 0.3 |
EXPLOIT
The following exploit code is available:
Bullet list:
<li><a href="/data/vulnerabilities/exploits/62936.html.txt">/data/vulnerabilities/exploits/62936.html.txt</a></li>
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Boundary Condition Error
Trust: 0.3
CREDITS
Blake
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 62936 | Trust: 0.3 |
REFERENCES
| url: | http://www.indusoft.com/mainpage.php?aricleid=17&type=certified/hardware | Trust: 0.3 |
SOURCES
| db: | BID | id: | 62936 |
LAST UPDATE DATE
2022-07-27T10:03:14.849000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 62936 | date: | 2013-10-08T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 62936 | date: | 2013-10-08T00:00:00 |