Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2515

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2012-2515
Last Modified 17 Jul 2012 12:00:00
Published 04 Jul 2012 11:23:18
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2515

Summary

Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method.

Vulnerable Systems

Application

  • Emc Captiva Quickscan Pro 4.6

  • Emc Documentum Applicationxtender Desktop 5.4

  • Intelligent Platforms Proficy Batch Execution 5.6

  • Intelligent Platforms Proficy Historian 3.1

  • Intelligent Platforms Proficy Historian 3.5

  • Intelligent Platforms Proficy Historian 4.0

  • Intelligent Platforms Proficy Historian 4.5

  • Intelligent Platforms Proficy Hmi%2fscada Ifix 5.0

  • Intelligent Platforms Proficy Hmi%2fscada Ifix 5.1

  • Intelligent Platforms Proficy Pulse 1.0

  • Intelligent Platforms Si7 I%2fo Driver 7.20

  • Intelligent Platforms Si7 I%2fo Driver 7.42


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-02.pdf

BID - 36546

CONFIRM - http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14863/en_US/GEIP12-04%20Security%20Advisory%20-%20Proficy%20HTML%20Help.pdf

SECUNIA - 36914

SECUNIA - 36905

MISC - http://retrogod.altervista.org/9sg_emc_keyhelp.html


Last Updated: 27 May 2016 10:49:38