Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 9.3
CVE Id: CVE-2011-2089
Last Modified: 26 May 2011 12:00:00
Published: 13 May 2011 01:05:45
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-2089

Summary

Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Iconics Bizviz 9.0

  • Iconics Bizviz 9.01

  • Iconics Bizviz 9.1

  • Iconics Bizviz 9.13

  • Iconics Bizviz 9.2

  • Iconics Bizviz 9.20

  • Iconics Bizviz 9.21

  • Iconics Genesis32 9.0

  • Iconics Genesis32 9.01

  • Iconics Genesis32 9.1

  • Iconics Genesis32 9.13

  • Iconics Genesis32 9.2

  • Iconics Genesis32 9.20

  • Iconics Genesis32 9.21


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdf

XF - webhmi-activex-bo(67267)

VUPEN - ADV-2011-1174

BID - 47704

MISC - http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf

OSVDB - 72135

EXPLOIT-DB - 17269

EXPLOIT-DB - 17240

SECUNIA - 44417


Last Updated: 27 May 2016 10:56:54