Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4870

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2011-4870
Last Modified 09 Jan 2012 12:00:00
Published 07 Jan 2012 07:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4870

Summary

Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and (3) BatchSecCtrl ActiveX controls in Invensys Wonderware InBatch 9.0 and 9.0 SP1, and InBatch 8.1 SP1, 9.0 SP2, and 9.5 Server and Runtime Clients, allow remote attackers to execute arbitrary code via a long string in a property value, a different issue than CVE-2011-3141.

Vulnerable Systems

Application

  • Invensys Wonderware Inbatch 8.1

  • Invensys Wonderware Inbatch 9.0

  • Invensys Wonderware Inbatch 9.5


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-11-332-01A.pdf

BID - 51129


Last Updated: 27 May 2016 10:57:18