Details of VAR-201105-0156

ID

VAR-201105-0156

CVE

CVE-2011-0340

TITLE

ISSymbol Virtual machine ISSymbol ActiveX Control buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2011-004090

DESCRIPTION

Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method. Overly long to method bstrFileName argument. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within ISSymbol.ocx ActiveX component. When an overly large string is passed as the 'InternationalOrder' parameter, a heap overflow occurs. This vulnerability can be leveraged to execute code under the context of the user running the browser. InduSoft Web Studio is a powerful and complete graphics control software that includes the various functional modules required to develop Human Machine Interface (HMI), Management Control, Data Acquisition System (SCADA) and embedded control. The Advantech Studio ISSymbol ActiveX control handles boundary errors in the \"InternationalSeparator\" property. The Advantech Studio ISSymbol ActiveX control is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions. Advantech Studio 6.1 SP6 Build 61.6.01.05 is vulnerable; other versions may also be affected. There are multiple buffer overflow vulnerabilities in InduSoft ISSymbol ActiveX control 6.1 SP6 Build 61.6.01.05 (ISSymbol.ocx 61.6.0.0) and other versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-155 : InduSoft Thin Client ISSymbol InternationalOrder Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-155 August 22, 2012 - -- CVE ID: CVE-2011-0340 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Indusoft - -- Affected Products: Indusoft WebStudio - -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12505. - -- Vendor Response: Indusoft has issued an update to correct this vulnerability. More details can be found at: http://www.indusoft.com/hotfixes/hotfixes.php - -- Disclosure Timeline: 2011-10-28 - Vulnerability reported to vendor 2012-08-22 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * Alexander Gavrun - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 1950) Charset: utf-8 wsBVAwUBUDUFHFVtgMGTo1scAQJ1Twf8C0MRiovFv7JVpAgg+lOYT3HW7MYdUKAx /I+4hvkGyeKKCCkvIOkx0y7eSdwp4paxVZAd0WYTfsG0K1h+bBngt6m+3Nicx0Iq YuqyOluJTW4ymXUSwvX8MZ39709DQXEl5yp9JvIX+Dc4WY7TKauGYKIfbb/VRMQq VYgQPhnlv8laGORlVREpu+yrOPdYLbQSucewpaLXd4b8uw1+Kmurjepiil5vxqPD G3fD23i1jGrbg6aX0AlvECo1M12alERft7wjtI21D7VP7G3uBYwiAJ8jxutavMQY Yf5K6rzdbx+96MuFco7aYB49GBQDpMYvWeWur3YEv1GqR7bSotpO1Q== =Yxrq -----END PGP SIGNATURE-----

Trust: 6.3

sources: NVD: CVE-2011-0340 // JVNDB: JVNDB-2011-004090 // ZDI: ZDI-12-155 // ZDI: ZDI-12-168 // CNVD: CNVD-2011-1637 // CNVD: CNVD-2011-1636 // CNVD: CNVD-2011-1634 // CNVD: CNVD-2011-1635 // BID: 47596 // IVD: 03126d9a-2355-11e6-abef-000c29c66e3d // IVD: 0a3c1e31-e21b-43a6-bc03-7b31c6d49349 // IVD: b3a31758-1f96-11e6-abef-000c29c66e3d // IVD: d282dd20-1f96-11e6-abef-000c29c66e3d // VULHUB: VHN-48285 // PACKETSTORM: 115995 // PACKETSTORM: 115807

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 3.2

AFFECTED PRODUCTS

vendor:	indusoft	model:	thin client	scope:	eq	version:	7.0	Trust: 3.7
vendor:	indusoft	model:	web studio 7.0b2	scope:	-	version:	-	Trust: 2.7
vendor:	advantech	model:	studio sp6 build	scope:	eq	version:	6.161.6.0	Trust: 2.7
vendor:	web studio	model:	-	scope:	eq	version:	6.1	Trust: 1.6
vendor:	indusoft	model:	web studio	scope:	eq	version:	6.1	Trust: 1.6
vendor:	indusoft	model:	webstudio	scope:	-	version:	-	Trust: 1.4
vendor:	indusoft	model:	web studio	scope:	lte	version:	7.0	Trust: 1.0
vendor:	advantech	model:	studio	scope:	eq	version:	6.1	Trust: 1.0
vendor:	advantech studio	model:	-	scope:	eq	version:	6.1	Trust: 0.8
vendor:	thin client	model:	-	scope:	eq	version:	7.0	Trust: 0.8
vendor:	web studio	model:	-	scope:	eq	version:	*	Trust: 0.8
vendor:	schneider electric	model:	indusoft web studio	scope:	lt	version:	7.0+sp1	Trust: 0.8
vendor:	schneider electric	model:	thin client	scope:	eq	version:	7.0	Trust: 0.8
vendor:	advantech	model:	studio	scope:	eq	version:	6.1:sp6_61.6.01.05	Trust: 0.8
vendor:	indusoft	model:	web studio	scope:	ne	version:	7.0.104	Trust: 0.3
vendor:	advantech	model:	studio	scope:	ne	version:	7.0	Trust: 0.3

sources: IVD: 03126d9a-2355-11e6-abef-000c29c66e3d // IVD: 0a3c1e31-e21b-43a6-bc03-7b31c6d49349 // IVD: b3a31758-1f96-11e6-abef-000c29c66e3d // IVD: d282dd20-1f96-11e6-abef-000c29c66e3d // ZDI: ZDI-12-155 // ZDI: ZDI-12-168 // CNVD: CNVD-2011-1637 // CNVD: CNVD-2011-1636 // CNVD: CNVD-2011-1634 // CNVD: CNVD-2011-1635 // BID: 47596 // JVNDB: JVNDB-2011-004090 // CNNVD: CNNVD-201104-318 // NVD: CVE-2011-0340

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2011-0340
value:	HIGH
Trust: 1.4
nvd@nist.gov:	CVE-2011-0340
value:	HIGH
Trust: 1.0
NVD:	CVE-2011-0340
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201104-318
value:	CRITICAL
Trust: 0.6
IVD:	03126d9a-2355-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
IVD:	0a3c1e31-e21b-43a6-bc03-7b31c6d49349
value:	CRITICAL
Trust: 0.2
IVD:	b3a31758-1f96-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
IVD:	d282dd20-1f96-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-48285
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2011-0340
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2011-0340
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.4
IVD:	03126d9a-2355-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	0a3c1e31-e21b-43a6-bc03-7b31c6d49349
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	b3a31758-1f96-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	d282dd20-1f96-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-48285
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-48285 // JVNDB: JVNDB-2011-004090 // NVD: CVE-2011-0340

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 115995 // PACKETSTORM: 115807 // CNNVD: CNNVD-201104-318

TYPE

Buffer overflow

Trust: 1.4

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-004090

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-48285

PATCH

title:	Indusoft has issued an update to correct this vulnerability.	url:	http://www.indusoft.com/hotfixes/hotfixes.php	Trust: 1.4
title:	Top Page	url:	http://www.advantech.com/products/	Trust: 0.8
title:	Advantech Studio ISSymbol ActiveX Buffer Overflow	url:	http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm	Trust: 0.8
title:	Security Updates and Hotfixes	url:	http://www.indusoft.com/Login?returnurl=%2fProducts-Downloads%2fSecurity-Hotfix-Updates	Trust: 0.8
title:	Advantech Studio ISSymbol ActiveX control has a patch for border vulnerabilities when creating log files	url:	https://www.cnvd.org.cn/patchInfo/show/3696	Trust: 0.6
title:	Advantech Studio ISSymbol ActiveX control handles patches for boundary violations in some windows processes	url:	https://www.cnvd.org.cn/patchInfo/show/3695	Trust: 0.6
title:	Advantech Studio ISSymbol ActiveX Control Processing	url:	https://www.cnvd.org.cn/patchInfo/show/3693	Trust: 0.6
title:	Advantech Studio ISSymbol ActiveX control handles the \"InternationalSeparator\" attribute with a border vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/3694	Trust: 0.6

sources: ZDI: ZDI-12-155 // ZDI: ZDI-12-168 // CNVD: CNVD-2011-1637 // CNVD: CNVD-2011-1636 // CNVD: CNVD-2011-1634 // CNVD: CNVD-2011-1635 // JVNDB: JVNDB-2011-004090

EXTERNAL IDS

db:	NVD	id:	CVE-2011-0340	Trust: 7.6
db:	ICS CERT	id:	ICSA-12-137-02	Trust: 2.2
db:	ICS CERT	id:	ICSA-12-249-03	Trust: 1.9
db:	SECUNIA	id:	43116	Trust: 1.7
db:	CNNVD	id:	CNNVD-201104-318	Trust: 1.5
db:	BID	id:	47596	Trust: 1.4
db:	SECUNIA	id:	42928	Trust: 1.1
db:	VUPEN	id:	ADV-2011-1115	Trust: 1.1
db:	VUPEN	id:	ADV-2011-1116	Trust: 1.1
db:	CNVD	id:	CNVD-2011-1635	Trust: 0.8
db:	CNVD	id:	CNVD-2011-1637	Trust: 0.8
db:	CNVD	id:	CNVD-2011-1634	Trust: 0.8
db:	CNVD	id:	CNVD-2011-1636	Trust: 0.8
db:	ZDI	id:	ZDI-12-155	Trust: 0.8
db:	ZDI	id:	ZDI-12-168	Trust: 0.8
db:	ICS CERT	id:	ICSA-11-168-01A	Trust: 0.8
db:	ICS CERT ALERT	id:	ICS-ALERT-11-131-01	Trust: 0.8
db:	JVNDB	id:	JVNDB-2011-004090	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-1341	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-1342	Trust: 0.7
db:	NSFOCUS	id:	17594	Trust: 0.6
db:	ICS CERT ALERT	id:	ICS-ALERT-11-230-01	Trust: 0.3
db:	IVD	id:	03126D9A-2355-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	0A3C1E31-E21B-43A6-BC03-7B31C6D49349	Trust: 0.2
db:	IVD	id:	B3A31758-1F96-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	D282DD20-1F96-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	PACKETSTORM	id:	115995	Trust: 0.2
db:	PACKETSTORM	id:	115807	Trust: 0.2
db:	PACKETSTORM	id:	118932	Trust: 0.1
db:	SEEBUG	id:	SSVID-77261	Trust: 0.1
db:	EXPLOIT-DB	id:	23500	Trust: 0.1
db:	VULHUB	id:	VHN-48285	Trust: 0.1

sources: IVD: 03126d9a-2355-11e6-abef-000c29c66e3d // IVD: 0a3c1e31-e21b-43a6-bc03-7b31c6d49349 // IVD: b3a31758-1f96-11e6-abef-000c29c66e3d // IVD: d282dd20-1f96-11e6-abef-000c29c66e3d // ZDI: ZDI-12-155 // ZDI: ZDI-12-168 // CNVD: CNVD-2011-1637 // CNVD: CNVD-2011-1636 // CNVD: CNVD-2011-1634 // CNVD: CNVD-2011-1635 // VULHUB: VHN-48285 // BID: 47596 // JVNDB: JVNDB-2011-004090 // PACKETSTORM: 115995 // PACKETSTORM: 115807 // CNNVD: CNNVD-201104-318 // NVD: CVE-2011-0340

REFERENCES

url:	http://www.indusoft.com/hotfixes/hotfixes.php	Trust: 3.6
url:	http://secunia.com/secunia_research/2011-37/http	Trust: 2.4
url:	http://www.us-cert.gov/control_systems/pdf/icsa-12-137-02.pdf	Trust: 2.2
url:	http://ics-cert.us-cert.gov/advisories/icsa-12-249-03	Trust: 1.9
url:	http://secunia.com/secunia_research/2011-36/	Trust: 1.7
url:	http://secunia.com/advisories/43116	Trust: 1.7
url:	http://secunia.com/secunia_research/2011-37/	Trust: 1.4
url:	http://www.securityfocus.com/bid/47596	Trust: 1.1
url:	http://www.advantechdirect.com/emarketingprograms/astudio_patch/astudio7.0_patch_final.htm	Trust: 1.1
url:	http://secunia.com/advisories/42928	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2011/1115	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2011/1116	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0340	Trust: 0.8
url:	http://www.us-cert.gov/control_systems/pdf/icsa-11-168-01a.pdf	Trust: 0.8
url:	http://www.us-cert.gov/control_systems/pdf/ics-alert-11-131-01.pdf	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0340	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/17594	Trust: 0.6
url:	http://www.advantech.com/products/advantech-studio/mod_3d1b45b0-b0af-405c-a9cc-a27b35774634.aspx	Trust: 0.3
url:	http://www.indusoft.com/indusoftart.php?catid=1&name=iws/webstudio	Trust: 0.3
url:	http://www.us-cert.gov/control_systems/pdf/ics-alert-11-230-01.pdf	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/disclosure_policy/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2011-0340	Trust: 0.2
url:	http://twitter.com/thezdi	Trust: 0.2
url:	http://www.tippingpoint.com	Trust: 0.2
url:	http://www.zerodayinitiative.com	Trust: 0.2
url:	http://www.zerodayinitiative.com/advisories/zdi-12-168	Trust: 0.1
url:	http://www.zerodayinitiative.com/advisories/zdi-12-155	Trust: 0.1

sources: ZDI: ZDI-12-155 // ZDI: ZDI-12-168 // CNVD: CNVD-2011-1637 // CNVD: CNVD-2011-1636 // CNVD: CNVD-2011-1634 // CNVD: CNVD-2011-1635 // VULHUB: VHN-48285 // BID: 47596 // JVNDB: JVNDB-2011-004090 // PACKETSTORM: 115995 // PACKETSTORM: 115807 // CNNVD: CNNVD-201104-318 // NVD: CVE-2011-0340

CREDITS

Alexander Gavrun

Trust: 1.4

sources: ZDI: ZDI-12-155 // ZDI: ZDI-12-168

SOURCES

db:	IVD	id:	03126d9a-2355-11e6-abef-000c29c66e3d
db:	IVD	id:	0a3c1e31-e21b-43a6-bc03-7b31c6d49349
db:	IVD	id:	b3a31758-1f96-11e6-abef-000c29c66e3d
db:	IVD	id:	d282dd20-1f96-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-12-155
db:	ZDI	id:	ZDI-12-168
db:	CNVD	id:	CNVD-2011-1637
db:	CNVD	id:	CNVD-2011-1636
db:	CNVD	id:	CNVD-2011-1634
db:	CNVD	id:	CNVD-2011-1635
db:	VULHUB	id:	VHN-48285
db:	BID	id:	47596
db:	JVNDB	id:	JVNDB-2011-004090
db:	PACKETSTORM	id:	115995
db:	PACKETSTORM	id:	115807
db:	CNNVD	id:	CNNVD-201104-318
db:	NVD	id:	CVE-2011-0340

LAST UPDATE DATE

2024-09-15T22:55:59.010000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-12-155	date:	2012-08-22T00:00:00
db:	ZDI	id:	ZDI-12-168	date:	2012-08-29T00:00:00
db:	CNVD	id:	CNVD-2011-1637	date:	2011-04-28T00:00:00
db:	CNVD	id:	CNVD-2011-1636	date:	2011-04-28T00:00:00
db:	CNVD	id:	CNVD-2011-1634	date:	2011-04-28T00:00:00
db:	CNVD	id:	CNVD-2011-1635	date:	2011-04-28T00:00:00
db:	VULHUB	id:	VHN-48285	date:	2013-05-21T00:00:00
db:	BID	id:	47596	date:	2013-04-02T15:57:00
db:	JVNDB	id:	JVNDB-2011-004090	date:	2016-04-06T00:00:00
db:	CNNVD	id:	CNNVD-201104-318	date:	2011-05-06T00:00:00
db:	NVD	id:	CVE-2011-0340	date:	2013-05-21T03:04:44.983

SOURCES RELEASE DATE

db:	IVD	id:	03126d9a-2355-11e6-abef-000c29c66e3d	date:	2011-04-28T00:00:00
db:	IVD	id:	0a3c1e31-e21b-43a6-bc03-7b31c6d49349	date:	2011-04-28T00:00:00
db:	IVD	id:	b3a31758-1f96-11e6-abef-000c29c66e3d	date:	2011-04-28T00:00:00
db:	IVD	id:	d282dd20-1f96-11e6-abef-000c29c66e3d	date:	2011-04-28T00:00:00
db:	ZDI	id:	ZDI-12-155	date:	2012-08-22T00:00:00
db:	ZDI	id:	ZDI-12-168	date:	2012-08-29T00:00:00
db:	CNVD	id:	CNVD-2011-1637	date:	2011-04-28T00:00:00
db:	CNVD	id:	CNVD-2011-1636	date:	2011-04-28T00:00:00
db:	CNVD	id:	CNVD-2011-1634	date:	2011-04-28T00:00:00
db:	CNVD	id:	CNVD-2011-1635	date:	2011-04-28T00:00:00
db:	VULHUB	id:	VHN-48285	date:	2011-05-04T00:00:00
db:	BID	id:	47596	date:	2011-04-27T00:00:00
db:	JVNDB	id:	JVNDB-2011-004090	date:	2012-03-27T00:00:00
db:	PACKETSTORM	id:	115995	date:	2012-08-29T14:17:01
db:	PACKETSTORM	id:	115807	date:	2012-08-23T02:40:38
db:	CNNVD	id:	CNNVD-201104-318	date:	2011-04-28T00:00:00
db:	NVD	id:	CVE-2011-0340	date:	2011-05-04T22:55:01.467