ID

VAR-201210-0405


CVE

CVE-2012-5311


TITLE

ComponentOne FlexGrid ActiveX Control Buffer Overflow Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2012-0339 // BID: 51601

DESCRIPTION

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0227. Reason: This candidate is a duplicate of CVE-2012-0227. Notes: All CVE users should reference CVE-2012-0227 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

The VSFlex7.VSFlexGrid ActiveX control in ComponentOne FlexGrid, as used in Open Automation Software OPC Systems.NET, contains a buffer overflow vulnerability. A third party could cause a denial of service (DoS) or execute arbitrary code via an excessively long archive filename argument to the Archive method. OPC Systems.NET is a .NET product for SCADA and HMI. The buffer overflow in the ComponentOne FlexGrid ActiveX control allows an attacker to construct a malicious link that, when a user is tricked into opening it, leads to arbitrary code execution in the context of the application. ComponentOne FlexGrid ActiveX Control is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. ComponentOne FlexGrid 7.1 is vulnerable; other versions may also be affected.

Trust: 2.43

sources: NVD: CVE-2012-5311 // JVNDB: JVNDB-2012-004846 // CNVD: CNVD-2012-0339 // BID: 51601

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-0339

AFFECTED PRODUCTS

vendor: componentone // model: flexgrid // scope: eq // version: 7.1

Trust: 1.7

vendor: componentone // model: flexgrid light // scope: eq // version: 7.1

Trust: 0.9

vendor: opc // model: systems opc systems.net // scope: eq // version: 0

Trust: 0.9

vendor: open automation // model: opc systems.net // scope: - // version: -

Trust: 0.8

vendor: opcsystems // model: opcsystems.net // scope: eq // version: -

Trust: 0.6

vendor: opcsystems // model: opcsystems.net // scope: eq // version: 4.0

Trust: 0.6

sources: CNVD: CNVD-2012-0339 // BID: 51601 // JVNDB: JVNDB-2012-004846 // CNNVD: CNNVD-201210-077

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2012-5311
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201210-077
value: CRITICAL

Trust: 0.6

NVD: CVE-2012-5311
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: JVNDB: JVNDB-2012-004846 // CNNVD: CNNVD-201210-077

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2012-004846

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201210-077

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201210-077

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004846

PATCH

title: Top Page // url: http://www.componentone.com/

Trust: 0.8

title: OPC SYSTEMS.NET // url: http://www.opcsystems.net/opc_systems_net.htm

Trust: 0.8

sources: JVNDB: JVNDB-2012-004846

EXTERNAL IDS

db: NVD // id: CVE-2012-5311

Trust: 2.7

db: BID // id: 51601

Trust: 1.5

db: JVNDB // id: JVNDB-2012-004846

Trust: 0.8

db: CNVD // id: CNVD-2012-0339

Trust: 0.6

db: XF // id: 72604

Trust: 0.6

db: NSFOCUS // id: 21082

Trust: 0.6

db: CNNVD // id: CNNVD-201210-077

Trust: 0.6

db: ICS CERT // id: ICSA-12-012-01A

Trust: 0.3

sources: CNVD: CNVD-2012-0339 // BID: 51601 // JVNDB: JVNDB-2012-004846 // CNNVD: CNNVD-201210-077 // NVD: CVE-2012-5311

REFERENCES

url:http://dsecrg.com/pages/vul/show.php?id=406

Trust: 1.5

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5311

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5311

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/72604

Trust: 0.6

url:http://www.securityfocus.com/bid/51601

Trust: 0.6

url:http://www.nsfocus.net/vulndb/21082

Trust: 0.6

url:http://www.componentone.com/

Trust: 0.3

url:http://support.microsoft.com/kb/240797

Trust: 0.3

url:www.opcsystems.net

Trust: 0.3

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-012-01a.pdf

Trust: 0.3

sources: CNVD: CNVD-2012-0339 // BID: 51601 // JVNDB: JVNDB-2012-004846 // CNNVD: CNNVD-201210-077

CREDITS

Alexandr Polyakov from DSecRG

Trust: 0.3

sources: BID: 51601

SOURCES

db: CNVD // id: CNVD-2012-0339
db: BID // id: 51601
db: JVNDB // id: JVNDB-2012-004846
db: CNNVD // id: CNNVD-201210-077
db: NVD // id: CVE-2012-5311

LAST UPDATE DATE

2024-08-14T14:28:06.335000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2012-0339 // date: 2012-02-01T00:00:00
db: BID // id: 51601 // date: 2012-10-10T18:20:00
db: JVNDB // id: JVNDB-2012-004846 // date: 2012-10-11T00:00:00
db: CNNVD // id: CNNVD-201210-077 // date: 2012-10-12T00:00:00
db: NVD // id: CVE-2012-5311 // date: 2023-11-07T02:12:31.027

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2012-0339 // date: 2012-02-01T00:00:00
db: BID // id: 51601 // date: 2012-01-20T00:00:00
db: JVNDB // id: JVNDB-2012-004846 // date: 2012-10-11T00:00:00
db: CNNVD // id: CNNVD-201210-077 // date: 2012-10-12T00:00:00
db: NVD // id: CVE-2012-5311 // date: 2012-10-08T17:55:01.010