ID

VAR-201204-0093


CVE

CVE-2011-4042


TITLE

PcVue ActiveX Control Array Overflow Vulnerability

Trust: 0.8

sources: IVD: 0590fe00-1f87-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3898

DESCRIPTION

An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to obtain control of a function pointer. PcVue is a data acquisition control system software from ARC Informatique. There is a security hole in the PcVue control. You can write dword to any memory location through the GetExtendedColor method in SVUIGrd.ocx. Arc Informatique handles the \"SaveObject()\" and \"LoadObject()\" methods (SVUIGrd.ocx) with errors that can be exploited to execute virtual function calls at any memory location via a specially crafted \"aStream\" parameter. The Save/LoadObject method in SVUIGrd.ocx can be used to destroy local files. The aipgctl.ocx DeletePage method has an array overflow problem. The PcVue ActiveX control is prone to multiple vulnerabilities. Failed exploit attempts may result in a denial-of-service condition. PcVue 10.0 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Arc Informatique Products Multiple ActiveX Controls Vulnerabilities SECUNIA ADVISORY ID: SA47131 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47131/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47131 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47131/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47131/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47131 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in multiple Arc Informatique products, which can be exploited by malicious people to manipulate certain data and compromise a user's system. 3) An error in the "SaveObject()" method (SVUIGrd.ocx) can be exploited to overwrite arbitrary files via directory traversal sequences. The vulnerabilities are reported in the following versions: * PcVue versions 6.x, 7.x, 8.x, 9.x, and 10.x. SOLUTION: Update to a fixed version. Contact the vendor for details. PROVIDED AND/OR DISCOVERED BY: 1 - 4) Luigi Auriemma 2) ICS-CERT credits Kuang-Chun Hung, Security Research and Service Institute Information and Communication Security Technology Center (ICST) ORIGINAL ADVISORY: Luigi: http://aluigi.altervista.org/adv/pcvue_1-adv.txt ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 5.58

sources: NVD: CVE-2011-4042 // JVNDB: JVNDB-2011-005027 // CNVD: CNVD-2011-3894 // CNVD: CNVD-2011-5210 // CNVD: CNVD-2011-3890 // CNVD: CNVD-2011-3897 // CNVD: CNVD-2011-3898 // BID: 49795 // IVD: 0590fe00-1f87-11e6-abef-000c29c66e3d // IVD: e8cc9edc-1f86-11e6-abef-000c29c66e3d // IVD: 0a723948-1f87-11e6-abef-000c29c66e3d // IVD: 07408fb8-1f87-11e6-abef-000c29c66e3d // IVD: f92d4d78-2353-11e6-abef-000c29c66e3d // PACKETSTORM: 107615

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 4.0

sources: IVD: 0590fe00-1f87-11e6-abef-000c29c66e3d // IVD: e8cc9edc-1f86-11e6-abef-000c29c66e3d // IVD: 0a723948-1f87-11e6-abef-000c29c66e3d // IVD: 07408fb8-1f87-11e6-abef-000c29c66e3d // IVD: f92d4d78-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3894 // CNVD: CNVD-2011-5210 // CNVD: CNVD-2011-3890 // CNVD: CNVD-2011-3897 // CNVD: CNVD-2011-3898

AFFECTED PRODUCTS

vendor:arcmodel:informatique pcvuescope:eqversion:10.0

Trust: 3.5

vendor:arcinfomodel:pcvuescope:eqversion:10.0

Trust: 1.6

vendor:arcinfomodel:pcvuescope:eqversion:6.0

Trust: 1.6

vendor:arcinfomodel:pcvuescope:eqversion:9.0

Trust: 1.6

vendor:arcinfomodel:pcvuescope:eqversion:8.2

Trust: 1.6

vendor:arcinfomodel:plantvuescope:eqversion:*

Trust: 1.0

vendor:arcinfomodel:frontvuescope:eqversion:*

Trust: 1.0

vendor:arc informatiquemodel:frontvuescope: - version: -

Trust: 0.8

vendor:arc informatiquemodel:pcvuescope:eqversion:6.0 to 10.0

Trust: 0.8

vendor:arc informatiquemodel:plantvuescope: - version: -

Trust: 0.8

vendor:arcmodel:informatique frontvuescope: - version: -

Trust: 0.6

vendor:arcmodel:informatique pcvuescope:eqversion:6.x

Trust: 0.6

vendor:arcmodel:informatique pcvuescope:eqversion:7.x

Trust: 0.6

vendor:arcmodel:informatique pcvuescope:eqversion:8.x

Trust: 0.6

vendor:arcmodel:informatique pcvuescope:eqversion:9.x

Trust: 0.6

vendor:arcmodel:informatique pcvuescope:eqversion:10.x

Trust: 0.6

vendor:arcmodel:informatique plantvuescope: - version: -

Trust: 0.6

vendor:arcinfomodel:plantvuescope: - version: -

Trust: 0.6

vendor:arcinfomodel:frontvuescope: - version: -

Trust: 0.6

vendor:arcmodel:informatique plantvuescope:eqversion:0

Trust: 0.3

vendor:arcmodel:informatique pcvuescope:eqversion:6

Trust: 0.3

vendor:arcmodel:informatique frontvuescope:eqversion:0

Trust: 0.3

vendor:frontvuemodel: - scope:eqversion:*

Trust: 0.2

vendor:pcvuemodel: - scope:eqversion:6.0

Trust: 0.2

vendor:pcvuemodel: - scope:eqversion:8.2

Trust: 0.2

vendor:pcvuemodel: - scope:eqversion:9.0

Trust: 0.2

vendor:pcvuemodel: - scope:eqversion:10.0

Trust: 0.2

vendor:plantvuemodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 0590fe00-1f87-11e6-abef-000c29c66e3d // IVD: e8cc9edc-1f86-11e6-abef-000c29c66e3d // IVD: 0a723948-1f87-11e6-abef-000c29c66e3d // IVD: 07408fb8-1f87-11e6-abef-000c29c66e3d // IVD: f92d4d78-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3894 // CNVD: CNVD-2011-5210 // CNVD: CNVD-2011-3890 // CNVD: CNVD-2011-3897 // CNVD: CNVD-2011-3898 // BID: 49795 // JVNDB: JVNDB-2011-005027 // CNNVD: CNNVD-201112-099 // NVD: CVE-2011-4042

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4042
value: HIGH

Trust: 1.0

NVD: CVE-2011-4042
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201112-099
value: CRITICAL

Trust: 0.6

IVD: 0590fe00-1f87-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

IVD: e8cc9edc-1f86-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

IVD: 0a723948-1f87-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

IVD: 07408fb8-1f87-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

IVD: f92d4d78-2353-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2011-4042
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 0590fe00-1f87-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: e8cc9edc-1f86-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 0a723948-1f87-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 07408fb8-1f87-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: f92d4d78-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 0590fe00-1f87-11e6-abef-000c29c66e3d // IVD: e8cc9edc-1f86-11e6-abef-000c29c66e3d // IVD: 0a723948-1f87-11e6-abef-000c29c66e3d // IVD: 07408fb8-1f87-11e6-abef-000c29c66e3d // IVD: f92d4d78-2353-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2011-005027 // CNNVD: CNNVD-201112-099 // NVD: CVE-2011-4042

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2011-4042

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201109-579 // CNNVD: CNNVD-201112-099

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201112-099

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-005027

PATCH

title:Security Alertsurl:http://www.pcvuesolutions.com/index.php?option=com_content&view=article&id=244&Itemid=257

Trust: 0.8

title:Top Pageurl:http://www.pcvuesolutions.com/index.php?option=com_content&view=frontpage&Itemid=9&lang=ja

Trust: 0.8

title:Patch for Arc Informatique Product ActiveX Control Vulnerability (CNVD-2011-5210)url:https://www.cnvd.org.cn/patchInfo/show/6192

Trust: 0.6

sources: CNVD: CNVD-2011-5210 // JVNDB: JVNDB-2011-005027

EXTERNAL IDS

db:NVDid:CVE-2011-4042

Trust: 4.3

db:BIDid:49795

Trust: 3.3

db:ICS CERTid:ICSA-11-340-01

Trust: 2.8

db:CNNVDid:CNNVD-201112-099

Trust: 1.6

db:SECUNIAid:47131

Trust: 1.4

db:CNVDid:CNVD-2011-3898

Trust: 0.8

db:CNVDid:CNVD-2011-3890

Trust: 0.8

db:CNVDid:CNVD-2011-3894

Trust: 0.8

db:CNVDid:CNVD-2011-3897

Trust: 0.8

db:CNVDid:CNVD-2011-5210

Trust: 0.8

db:ICS CERT ALERTid:ICS-ALERT-11-271-01

Trust: 0.8

db:JVNDBid:JVNDB-2011-005027

Trust: 0.8

db:CNNVDid:CNNVD-201109-579

Trust: 0.6

db:NSFOCUSid:18354

Trust: 0.6

db:IVDid:0590FE00-1F87-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:E8CC9EDC-1F86-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:0A723948-1F87-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:07408FB8-1F87-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:F92D4D78-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:PACKETSTORMid:107615

Trust: 0.1

sources: IVD: 0590fe00-1f87-11e6-abef-000c29c66e3d // IVD: e8cc9edc-1f86-11e6-abef-000c29c66e3d // IVD: 0a723948-1f87-11e6-abef-000c29c66e3d // IVD: 07408fb8-1f87-11e6-abef-000c29c66e3d // IVD: f92d4d78-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3894 // CNVD: CNVD-2011-5210 // CNVD: CNVD-2011-3890 // CNVD: CNVD-2011-3897 // CNVD: CNVD-2011-3898 // BID: 49795 // JVNDB: JVNDB-2011-005027 // PACKETSTORM: 107615 // CNNVD: CNNVD-201109-579 // CNNVD: CNNVD-201112-099 // NVD: CVE-2011-4042

REFERENCES

url:http://aluigi.altervista.org/adv/pcvue_1-adv.txt

Trust: 2.8

url:http://www.us-cert.gov/control_systems/pdf/icsa-11-340-01.pdf

Trust: 2.8

url:https://support.pcvuescada.com/index.php?option=com_k2&view=item&id=512&itemid=440

Trust: 1.6

url:http://www.pcvuesolutions.com/index.php?option=com_content&view=article&id=244&itemid=257

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4042

Trust: 0.8

url:http://www.us-cert.gov/control_systems/pdf/ics-alert-11-271-01.pdf

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4042

Trust: 0.8

url:http://secunia.com/advisories/47131/

Trust: 0.7

url:http://www.securityfocus.com/bid/49795

Trust: 0.6

url:http://secunia.com/advisories/47131

Trust: 0.6

url:http://www.nsfocus.net/vulndb/18354

Trust: 0.6

url:http://support.microsoft.com/kb/240797

Trust: 0.3

url:http://www.arcinfo.com/index.php?option=com_content&id=2&itemid=151

Trust: 0.3

url:http://secunia.com/advisories/47131/#comments

Trust: 0.1

url:http://secunia.com/company/jobs/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47131

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2011-3894 // CNVD: CNVD-2011-5210 // CNVD: CNVD-2011-3890 // CNVD: CNVD-2011-3897 // CNVD: CNVD-2011-3898 // BID: 49795 // JVNDB: JVNDB-2011-005027 // PACKETSTORM: 107615 // CNNVD: CNNVD-201109-579 // CNNVD: CNNVD-201112-099 // NVD: CVE-2011-4042

CREDITS

Luigi Auriemma

Trust: 0.9

sources: BID: 49795 // CNNVD: CNNVD-201109-579

SOURCES

db:IVDid:0590fe00-1f87-11e6-abef-000c29c66e3d
db:IVDid:e8cc9edc-1f86-11e6-abef-000c29c66e3d
db:IVDid:0a723948-1f87-11e6-abef-000c29c66e3d
db:IVDid:07408fb8-1f87-11e6-abef-000c29c66e3d
db:IVDid:f92d4d78-2353-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2011-3894
db:CNVDid:CNVD-2011-5210
db:CNVDid:CNVD-2011-3890
db:CNVDid:CNVD-2011-3897
db:CNVDid:CNVD-2011-3898
db:BIDid:49795
db:JVNDBid:JVNDB-2011-005027
db:PACKETSTORMid:107615
db:CNNVDid:CNNVD-201109-579
db:CNNVDid:CNNVD-201112-099
db:NVDid:CVE-2011-4042

LAST UPDATE DATE

2024-08-14T14:34:30.507000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2011-3894date:2011-09-28T00:00:00
db:CNVDid:CNVD-2011-5210date:2011-12-09T00:00:00
db:CNVDid:CNVD-2011-3890date:2011-09-28T00:00:00
db:CNVDid:CNVD-2011-3897date:2011-09-28T00:00:00
db:CNVDid:CNVD-2011-3898date:2011-09-28T00:00:00
db:BIDid:49795date:2011-12-06T22:07:00
db:JVNDBid:JVNDB-2011-005027date:2012-04-04T00:00:00
db:CNNVDid:CNNVD-201109-579date:2011-09-29T00:00:00
db:CNNVDid:CNNVD-201112-099date:2011-12-09T00:00:00
db:NVDid:CVE-2011-4042date:2012-04-03T04:00:00

SOURCES RELEASE DATE

db:IVDid:0590fe00-1f87-11e6-abef-000c29c66e3ddate:2011-09-28T00:00:00
db:IVDid:e8cc9edc-1f86-11e6-abef-000c29c66e3ddate:2011-09-28T00:00:00
db:IVDid:0a723948-1f87-11e6-abef-000c29c66e3ddate:2011-09-28T00:00:00
db:IVDid:07408fb8-1f87-11e6-abef-000c29c66e3ddate:2011-09-28T00:00:00
db:IVDid:f92d4d78-2353-11e6-abef-000c29c66e3ddate:2011-12-09T00:00:00
db:CNVDid:CNVD-2011-3894date:2011-09-28T00:00:00
db:CNVDid:CNVD-2011-5210date:2011-12-09T00:00:00
db:CNVDid:CNVD-2011-3890date:2011-09-28T00:00:00
db:CNVDid:CNVD-2011-3897date:2011-09-28T00:00:00
db:CNVDid:CNVD-2011-3898date:2011-09-28T00:00:00
db:BIDid:49795date:2011-09-27T00:00:00
db:JVNDBid:JVNDB-2011-005027date:2012-04-04T00:00:00
db:PACKETSTORMid:107615date:2011-12-07T07:51:44
db:CNNVDid:CNNVD-201109-579date:1900-01-01T00:00:00
db:CNNVDid:CNNVD-201112-099date:2011-12-09T00:00:00
db:NVDid:CVE-2011-4042date:2012-04-03T03:44:35.930