Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4039

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2011-4039
Last Modified 14 Feb 2012 12:00:00
Published 10 Feb 2012 02:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4039

Summary

Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation."

Vulnerable Systems

Application

  • Dreamreport Dream Report 3.21

  • Dreamreport Dream Report 3.41

  • Dreamreport Dream Report 3.42

  • Dreamreport Dream Report 3.43

  • Invensys Wonderware Hmi Reports 3.42.835.0304

  • Ocean Data Systems Dream Report 3.21

  • Ocean Data Systems Dream Report 3.41

  • Ocean Data Systems Dream Report 3.42

  • Ocean Data Systems Dream Report 3.43


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf

SECUNIA - 47933

SECUNIA - 47742


Last Updated: 27 May 2016 10:58:14