CVE-2011-2959

Description

Stack-based buffer overflow in the Open Database Connectivity (ODBC) service (Odbcixv9se.exe) in 7-Technologies Interactive Graphical SCADA System (IGSS) 9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to TCP port 22202.

Affected products

• 7t / igss9
• 7t / igss2.0 – 2.0
• 7t / igss3.0 – 3.0
• 7t / igss4.1 – 4.1
• 7t / igss5.0 – 5.0
• 7t / igss5.1 – 5.1
• 7t / igss6 – 6
• 7t / igss7 – 7
• 7t / igss8 – 8

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/44345
• MISChttp://www.us-cert.gov/control_systems/pdf/ICSA-11-119-01.pdf
• MISChttp://www.osvdb.org/72117
• VENDOR_ADVISORYhttp://www.insomniasec.com/advisories/ISVA-110427.1.htm