Details of VAR-201905-1334

ID

VAR-201905-1334

TITLE

Century Star WebViewer.ocx Control Fl *** Initialization Parameter Has Stack Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-15923

DESCRIPTION

Century Star configuration software is a blocking software launched by Beijing Century Changqiu Technology Co., Ltd. It is a real-time human-machine interface utility generator, composed of CSMaker development system and CSViewer operating system. Century Star WebViewer.ocx control Fl *** initialization parameter has a stack overflow vulnerability. Attackers can trick users who install this control to visit malicious web pages, trigger vulnerabilities, remotely execute malicious code on the user's system, and ultimately gain control of the user's system. CSMaker Development system and CSViewer Composition of the operating system

Trust: 0.72

sources: CNVD: CNVD-2019-15923 // IVD: a469a44c-f67e-41b3-8f89-9a599898a361

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: a469a44c-f67e-41b3-8f89-9a599898a361 // CNVD: CNVD-2019-15923

AFFECTED PRODUCTS

vendor:

century changqiu

model:

star configuration software

scope:

version:

v9.1

Trust: 0.8

sources: IVD: a469a44c-f67e-41b3-8f89-9a599898a361 // CNVD: CNVD-2019-15923

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-15923
value:	MEDIUM
Trust: 0.6
IVD:	a469a44c-f67e-41b3-8f89-9a599898a361
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2019-15923
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	a469a44c-f67e-41b3-8f89-9a599898a361
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: a469a44c-f67e-41b3-8f89-9a599898a361 // CNVD: CNVD-2019-15923

TYPE

Buffer overflow

Trust: 0.2

sources: IVD: a469a44c-f67e-41b3-8f89-9a599898a361

PATCH

title:

Century Star WebViewer.ocx Control FlashTime Initialization Parameter Has Stack Overflow Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/160853

Trust: 0.6

sources: CNVD: CNVD-2019-15923

EXTERNAL IDS

db:	CNVD	id:	CNVD-2019-15923	Trust: 0.8
db:	IVD	id:	A469A44C-F67E-41B3-8F89-9A599898A361	Trust: 0.2

sources: IVD: a469a44c-f67e-41b3-8f89-9a599898a361 // CNVD: CNVD-2019-15923

SOURCES

db:	IVD	id:	a469a44c-f67e-41b3-8f89-9a599898a361
db:	CNVD	id:	CNVD-2019-15923

LAST UPDATE DATE

2022-05-17T02:03:11.696000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-15923

date:

2019-06-04T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	a469a44c-f67e-41b3-8f89-9a599898a361	date:	2019-05-30T00:00:00
db:	CNVD	id:	CNVD-2019-15923	date:	2019-06-20T00:00:00