Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2386

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2011-2386
Last Modified 27 Apr 2012 12:00:00
Published 08 Jun 2011 06:36:14
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2386

Summary

VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to execute arbitrary code via a (1) vws and (2) vwr file with an invalid Type property, which triggers an untrusted pointer dereference.

Vulnerable Systems

Application

  • Visiwave Site Survey 1.6.12

  • Visiwave Site Survey 2.0.12

  • Visiwave Site Survey 2.1


References

CONFIRM - http://www.visiwave.com/blog/index.php?/archives/4-Version-2.1.9-Released.html

MISC - http://www.stratsec.net/Research/Advisories/VisiWave-Site-Survey-Report-Trusted-Pointer-%28SS-20

BID - 47948

EXPLOIT-DB - 17317

SECUNIA - 44636

OSVDB - 72464


Last Updated: 27 May 2016 10:57:00