ID

VAR-201310-0783


TITLE

InduSoft Thin Client 'novapi7.dll' ActiveX Control Buffer Overflow Vulnerability

Trust: 1.1

sources: IVD: 1f8d2d3e-1f04-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13776 // BID: 62936

DESCRIPTION

InduSoft Web Studio is a powerful graphics control software package. InduSoft Thin Client is a thin client product from InduSoft, a company based in the United States. A thin client is a computer terminal in a client/server network that needs essentially no locally installed applications. A remote buffer overflow vulnerability exists in InduSoft Thin Client. It stems from an incorrect boundary check on user-supplied input, which causes the program to copy more data than the allocated memory buffer can hold. An attacker could use this vulnerability to execute arbitrary code in the context of an application using ActiveX controls, and may also cause a denial of service. InduSoft Thin Client 7.1 is vulnerable; other versions may also be affected. Failed exploit attempts will likely result in denial-of-service conditions.

Trust: 1.53

sources: CNVD: CNVD-2013-13776 // CNNVD: CNNVD-201310-199 // BID: 62936 // IVD: 1f8d2d3e-1f04-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 1f8d2d3e-1f04-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13776

AFFECTED PRODUCTS

vendor: indusoft, model: thin client, scope: eq, version: 7.1

Trust: 1.1

sources: IVD: 1f8d2d3e-1f04-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13776 // BID: 62936

CVSS

SEVERITY

CNVD: CNVD-2013-13776
value: HIGH

Trust: 0.6

IVD: 1f8d2d3e-1f04-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

CVSSV2

CNVD: CNVD-2013-13776
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 1f8d2d3e-1f04-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 1f8d2d3e-1f04-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13776

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-199

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 1f8d2d3e-1f04-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201310-199

EXTERNAL IDS

db: BID, id: 62936

Trust: 1.5

db: CNVD, id: CNVD-2013-13776

Trust: 0.8

db: EXPLOIT-DB, id: 28853

Trust: 0.6

db: CNNVD, id: CNNVD-201310-199

Trust: 0.6

db: IVD, id: 1F8D2D3E-1F04-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 1f8d2d3e-1f04-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13776 // BID: 62936 // CNNVD: CNNVD-201310-199

REFERENCES

url: http://www.exploit-db.com/exploits/28853/

Trust: 0.6

url: http://www.securityfocus.com/bid/62936

Trust: 0.6

url: http://www.indusoft.com/mainpage.php?aricleid=17&type=certified/hardware

Trust: 0.3

sources: CNVD: CNVD-2013-13776 // BID: 62936 // CNNVD: CNNVD-201310-199

CREDITS

Blake

Trust: 0.9

sources: BID: 62936 // CNNVD: CNNVD-201310-199

SOURCES

db: IVD, id: 1f8d2d3e-1f04-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2013-13776
db: BID, id: 62936
db: CNNVD, id: CNNVD-201310-199

LAST UPDATE DATE

2022-05-17T02:03:22.604000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-13776, date: 2013-10-17T00:00:00
db: BID, id: 62936, date: 2013-10-08T00:00:00
db: CNNVD, id: CNNVD-201310-199, date: 2013-10-15T00:00:00

SOURCES RELEASE DATE

db: IVD, id: 1f8d2d3e-1f04-11e6-abef-000c29c66e3d, date: 2013-10-17T00:00:00
db: CNVD, id: CNVD-2013-13776, date: 2013-10-17T00:00:00
db: BID, id: 62936, date: 2013-10-08T00:00:00
db: CNNVD, id: CNNVD-201310-199, date: 2013-10-15T00:00:00