CVE-2011-0342

Description

Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ISSymbol.ocx 301.1104.601.0 in InduSoft Web Studio 7.0B2 hotfix 7.0.01.04 allow remote attackers to execute arbitrary code via a long parameter to the (1) Open, (2) Close, or (3) SetCurrentLanguage method.

Affected products

• InduSoft / Web Studio7.0b2 – 7.0b2

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/44875
• MISChttp://secunia.com/secunia_research/2011-61/
• VENDOR_ADVISORYhttp://ics-cert.us-cert.gov/advisories/ICSA-11-273-02
• MISChttp://www.indusoft.com/hotfixes/hotfixes.php
• MISChttp://www.securityfocus.com/bid/49403