
Test ID:1.3.6.1.4.1.25623.1.0.802537
Category:General
Title:InduSoft Web Studio Multiple Remote Code Execution Vulnerabilities
Summary:This host is installed with InduSoft Web Studio and is prone to multiple remote code execution vulnerabilities.
Description:
Summary:
This host is installed with InduSoft Web Studio and is prone to
multiple remote code execution vulnerabilities.

Vulnerability Insight:
The flaws are due to:

- An error in the CEServer component. When handling the Remove File operation
(0x15), the process blindly copies user-supplied data to a fixed-length buffer on the stack.

- An error in the remote agent component (CEServer.exe). When handling incoming
requests, the process fails to perform any type of authentication, which
allows direct manipulation and creation of files on disk, loading of
arbitrary DLLs and process control.

Vulnerability Impact:
Successful exploitation will allow remote attackers to execute arbitrary code
within the context of the affected application.

Affected Software/OS:
InduSoft Web Studio version 6.1 and 7.0.

Solution:
Install the hotfix.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 50675
BugTraq ID: 50677
Common Vulnerability Exposure (CVE) ID: CVE-2011-4051
http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf
http://www.zerodayinitiative.com/advisories/ZDI-11-330/
Common Vulnerability Exposure (CVE) ID: CVE-2011-4052
http://www.zerodayinitiative.com/advisories/ZDI-11-329/
Copyright: Copyright (C) 2011 Greenbone Networks GmbH





© 1998-2024 E-Soft Inc. All rights reserved.