Details of VAR-201905-1345

ID

VAR-201905-1345

TITLE

Century Star Menu.ocx Control Re *** Method Has Stack Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-13842

DESCRIPTION

Century Star configuration software is a blocking software launched by Beijing Century Changqiu Technology Co., Ltd. It is a real-time human-machine interface utility generator, composed of CSMaker development system and CSViewer operating system. The Century Star Menu.ocx control Re *** method has a stack overflow vulnerability. An attacker can trick users who have installed this control to visit malicious webpages, and then trigger the vulnerability, remotely execute malicious code on the user system, and finally gain control of the user system. CSMaker Development system and CSViewer Composition of the operating system

Trust: 0.72

sources: CNVD: CNVD-2019-13842 // IVD: f33277f9-cbe7-476b-9d63-3a9e6f48d2eb

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: f33277f9-cbe7-476b-9d63-3a9e6f48d2eb // CNVD: CNVD-2019-13842

AFFECTED PRODUCTS

vendor:

century changqiu

model:

star configuration software

scope:

version:

v9.1

Trust: 0.8

sources: IVD: f33277f9-cbe7-476b-9d63-3a9e6f48d2eb // CNVD: CNVD-2019-13842

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-13842
value:	LOW
Trust: 0.6
IVD:	f33277f9-cbe7-476b-9d63-3a9e6f48d2eb
value:	LOW
Trust: 0.2

CNVD:	CNVD-2019-13842
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	f33277f9-cbe7-476b-9d63-3a9e6f48d2eb
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: f33277f9-cbe7-476b-9d63-3a9e6f48d2eb // CNVD: CNVD-2019-13842

TYPE

Buffer overflow

Trust: 0.2

sources: IVD: f33277f9-cbe7-476b-9d63-3a9e6f48d2eb

PATCH

title:

Century Star Menu.ocx control ReadMenuFromRemoteFile method has a stack overflow vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/159331

Trust: 0.6

sources: CNVD: CNVD-2019-13842

EXTERNAL IDS

db:	CNVD	id:	CNVD-2019-13842	Trust: 0.8
db:	IVD	id:	F33277F9-CBE7-476B-9D63-3A9E6F48D2EB	Trust: 0.2

sources: IVD: f33277f9-cbe7-476b-9d63-3a9e6f48d2eb // CNVD: CNVD-2019-13842

SOURCES

db:	IVD	id:	f33277f9-cbe7-476b-9d63-3a9e6f48d2eb
db:	CNVD	id:	CNVD-2019-13842

LAST UPDATE DATE

2022-05-17T01:50:53.825000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-13842

date:

2019-05-13T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	f33277f9-cbe7-476b-9d63-3a9e6f48d2eb	date:	2019-05-13T00:00:00
db:	CNVD	id:	CNVD-2019-13842	date:	2019-06-06T00:00:00