Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3007

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-3007
Last Modified 13 Aug 2012 11:38:14
Published 04 Jul 2012 11:23:18
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3007

Summary

Stack-based buffer overflow in slssvc.exe before 58.x in Invensys Wonderware SuiteLink in the Invensys System Platform software suite, as used in InTouch/Wonderware Application Server IT before 10.5 and WAS before 3.5, DASABCIP before 4.1 SP2, DASSiDirect before 3.0, DAServer Runtime Components before 3.0 SP2, and other products, allows remote attackers to cause a denial of service (daemon crash or hang) via a long Unicode string.

Vulnerable Systems

Application

  • Invensys Dasabcip 4.1

  • Invensys Daserver Runtime Components 3.0

  • Invensys Dassidirect 2.0

  • Invensys Intouch%2fwonderware Application Server 10.0

  • Invensys Wonderware Application Server 3.0

  • Invensys Wonderware Application Server 3.0.200

  • Invensys Wonderware Application Server 3.1

  • Invensys Wonderware Application Server 3.1.201


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-12-171-01.pdf

BID - 53563

SECUNIA - 49173


Last Updated: 27 May 2016 10:54:50