Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0773

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2014-0773
Last Modified 14 Apr 2014 01:56:26
Published 12 Apr 2014 12:37:31
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-0773

Summary

The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname.

Vulnerable Systems

Application

  • Advantech Webaccess 5.0

  • Advantech Webaccess 6.0

  • Advantech Webaccess 7.0

  • Advantech Webaccess 7.1


References

MISC - http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03


Last Updated: 27 May 2016 11:04:55