Details of VAR-201204-0096

ID

VAR-201204-0096

CVE

CVE-2011-4045

TITLE

plural ARC Informatique Product ActiveX Control buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2011-005030

DESCRIPTION

Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document. Arc Informatique handles the \"DeletePage()\" method (aipgctl.ocx) with an error that can be exploited to execute virtual function calls at any memory location. PcVue is a data acquisition control system software from ARC Informatique. There is a security hole in the PcVue control. You can write dword to any memory location through the GetExtendedColor method in SVUIGrd.ocx. The Save/LoadObject method in the SVUIGrd.ocx control is used directly as a function pointer, and there is an arbitrary code execution vulnerability. The Save/LoadObject method in SVUIGrd.ocx can be used to destroy local files. The aipgctl.ocx DeletePage method has an array overflow problem. The PcVue ActiveX control is prone to multiple vulnerabilities. Successfully exploiting these issues allows remote attackers to create or overwrite arbitrary local files and execute arbitrary code. Failed exploit attempts may result in a denial-of-service condition. PcVue 10.0 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Arc Informatique Products Multiple ActiveX Controls Vulnerabilities SECUNIA ADVISORY ID: SA47131 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47131/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47131 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47131/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47131/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47131 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in multiple Arc Informatique products, which can be exploited by malicious people to manipulate certain data and compromise a user's system. 3) An error in the "SaveObject()" method (SVUIGrd.ocx) can be exploited to overwrite arbitrary files via directory traversal sequences. The vulnerabilities are reported in the following versions: * PcVue versions 6.x, 7.x, 8.x, 9.x, and 10.x. SOLUTION: Update to a fixed version. Contact the vendor for details. PROVIDED AND/OR DISCOVERED BY: 1 - 4) Luigi Auriemma 2) ICS-CERT credits Kuang-Chun Hung, Security Research and Service Institute Information and Communication Security Technology Center (ICST) ORIGINAL ADVISORY: Luigi: http://aluigi.altervista.org/adv/pcvue_1-adv.txt ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 4.86

sources: NVD: CVE-2011-4045 // JVNDB: JVNDB-2011-005030 // CNVD: CNVD-2011-5208 // CNVD: CNVD-2011-3894 // CNVD: CNVD-2011-3890 // CNVD: CNVD-2011-3897 // CNVD: CNVD-2011-3898 // BID: 49795 // IVD: f9431612-2353-11e6-abef-000c29c66e3d // PACKETSTORM: 107615

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 3.2

sources: IVD: f9431612-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5208 // CNVD: CNVD-2011-3894 // CNVD: CNVD-2011-3890 // CNVD: CNVD-2011-3897 // CNVD: CNVD-2011-3898

AFFECTED PRODUCTS

vendor:	arc	model:	informatique pcvue	scope:	eq	version:	10.0	Trust: 2.7
vendor:	arcinfo	model:	pcvue	scope:	eq	version:	10.0	Trust: 1.6
vendor:	arcinfo	model:	pcvue	scope:	eq	version:	6.0	Trust: 1.6
vendor:	arcinfo	model:	pcvue	scope:	eq	version:	9.0	Trust: 1.6
vendor:	arcinfo	model:	pcvue	scope:	eq	version:	8.2	Trust: 1.6
vendor:	arcinfo	model:	plantvue	scope:	eq	version:	-	Trust: 1.6
vendor:	arcinfo	model:	frontvue	scope:	eq	version:	-	Trust: 1.6
vendor:	arc informatique	model:	frontvue	scope:	-	version:	-	Trust: 0.8
vendor:	arc informatique	model:	pcvue	scope:	eq	version:	6.0 to 10.0	Trust: 0.8
vendor:	arc informatique	model:	plantvue	scope:	-	version:	-	Trust: 0.8
vendor:	arc	model:	informatique frontvue	scope:	-	version:	-	Trust: 0.6
vendor:	arc	model:	informatique pcvue	scope:	eq	version:	6.x	Trust: 0.6
vendor:	arc	model:	informatique pcvue	scope:	eq	version:	7.x	Trust: 0.6
vendor:	arc	model:	informatique pcvue	scope:	eq	version:	8.x	Trust: 0.6
vendor:	arc	model:	informatique pcvue	scope:	eq	version:	9.x	Trust: 0.6
vendor:	arc	model:	informatique pcvue	scope:	eq	version:	10.x	Trust: 0.6
vendor:	arc	model:	informatique plantvue	scope:	-	version:	-	Trust: 0.6
vendor:	arc	model:	informatique plantvue	scope:	eq	version:	0	Trust: 0.3
vendor:	arc	model:	informatique pcvue	scope:	eq	version:	6	Trust: 0.3
vendor:	arc	model:	informatique frontvue	scope:	eq	version:	0	Trust: 0.3
vendor:	frontvue	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	pcvue	model:	-	scope:	eq	version:	6.0	Trust: 0.2
vendor:	pcvue	model:	-	scope:	eq	version:	8.2	Trust: 0.2
vendor:	pcvue	model:	-	scope:	eq	version:	9.0	Trust: 0.2
vendor:	pcvue	model:	-	scope:	eq	version:	10.0	Trust: 0.2
vendor:	plantvue	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: f9431612-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5208 // CNVD: CNVD-2011-3894 // CNVD: CNVD-2011-3890 // CNVD: CNVD-2011-3897 // CNVD: CNVD-2011-3898 // BID: 49795 // JVNDB: JVNDB-2011-005030 // CNNVD: CNNVD-201112-102 // NVD: CVE-2011-4045

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-4045
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-4045
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201112-102
value:	MEDIUM
Trust: 0.6
IVD:	f9431612-2353-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2011-4045
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	f9431612-2353-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: f9431612-2353-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2011-005030 // CNNVD: CNNVD-201112-102 // NVD: CVE-2011-4045

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2011-005030 // NVD: CVE-2011-4045

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201109-579 // CNNVD: CNNVD-201112-102

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: f9431612-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201112-102

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-005030

PATCH

title:	Security Alerts	url:	http://www.pcvuesolutions.com/index.php?option=com_content&view=article&id=244&Itemid=257	Trust: 0.8
title:	Top Page	url:	http://www.pcvuesolutions.com/index.php?option=com_content&view=frontpage&Itemid=9&lang=ja	Trust: 0.8
title:	Patch for Arc Informatique Product ActiveX Control Vulnerability (CNVD-2011-5208)	url:	https://www.cnvd.org.cn/patchInfo/show/6191	Trust: 0.6

sources: CNVD: CNVD-2011-5208 // JVNDB: JVNDB-2011-005030

EXTERNAL IDS

db:	NVD	id:	CVE-2011-4045	Trust: 3.5
db:	BID	id:	49795	Trust: 3.3
db:	ICS CERT	id:	ICSA-11-340-01	Trust: 2.8
db:	SECUNIA	id:	47131	Trust: 1.4
db:	CNVD	id:	CNVD-2011-5208	Trust: 0.8
db:	CNNVD	id:	CNNVD-201112-102	Trust: 0.8
db:	ICS CERT ALERT	id:	ICS-ALERT-11-271-01	Trust: 0.8
db:	JVNDB	id:	JVNDB-2011-005030	Trust: 0.8
db:	CNVD	id:	CNVD-2011-3894	Trust: 0.6
db:	CNVD	id:	CNVD-2011-3890	Trust: 0.6
db:	CNVD	id:	CNVD-2011-3897	Trust: 0.6
db:	CNVD	id:	CNVD-2011-3898	Trust: 0.6
db:	CNNVD	id:	CNNVD-201109-579	Trust: 0.6
db:	NSFOCUS	id:	18354	Trust: 0.6
db:	IVD	id:	F9431612-2353-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	PACKETSTORM	id:	107615	Trust: 0.1

sources: IVD: f9431612-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5208 // CNVD: CNVD-2011-3894 // CNVD: CNVD-2011-3890 // CNVD: CNVD-2011-3897 // CNVD: CNVD-2011-3898 // BID: 49795 // JVNDB: JVNDB-2011-005030 // PACKETSTORM: 107615 // CNNVD: CNNVD-201109-579 // CNNVD: CNNVD-201112-102 // NVD: CVE-2011-4045

REFERENCES

url:	http://aluigi.altervista.org/adv/pcvue_1-adv.txt	Trust: 2.8
url:	http://www.us-cert.gov/control_systems/pdf/icsa-11-340-01.pdf	Trust: 2.8
url:	https://support.pcvuescada.com/index.php?option=com_k2&view=item&id=512&itemid=440	Trust: 1.6
url:	http://www.pcvuesolutions.com/index.php?option=com_content&view=article&id=244&itemid=257	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4045	Trust: 0.8
url:	http://www.us-cert.gov/control_systems/pdf/ics-alert-11-271-01.pdf	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4045	Trust: 0.8
url:	http://secunia.com/advisories/47131/	Trust: 0.7
url:	http://www.securityfocus.com/bid/49795	Trust: 0.6
url:	http://secunia.com/advisories/47131	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/18354	Trust: 0.6
url:	http://support.microsoft.com/kb/240797	Trust: 0.3
url:	http://www.arcinfo.com/index.php?option=com_content&id=2&itemid=151	Trust: 0.3
url:	http://secunia.com/advisories/47131/#comments	Trust: 0.1
url:	http://secunia.com/company/jobs/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=47131	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2011-5208 // CNVD: CNVD-2011-3894 // CNVD: CNVD-2011-3890 // CNVD: CNVD-2011-3897 // CNVD: CNVD-2011-3898 // BID: 49795 // JVNDB: JVNDB-2011-005030 // PACKETSTORM: 107615 // CNNVD: CNNVD-201109-579 // CNNVD: CNNVD-201112-102 // NVD: CVE-2011-4045

CREDITS

Luigi Auriemma

Trust: 0.9

sources: BID: 49795 // CNNVD: CNNVD-201109-579

SOURCES

db:	IVD	id:	f9431612-2353-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2011-5208
db:	CNVD	id:	CNVD-2011-3894
db:	CNVD	id:	CNVD-2011-3890
db:	CNVD	id:	CNVD-2011-3897
db:	CNVD	id:	CNVD-2011-3898
db:	BID	id:	49795
db:	JVNDB	id:	JVNDB-2011-005030
db:	PACKETSTORM	id:	107615
db:	CNNVD	id:	CNNVD-201109-579
db:	CNNVD	id:	CNNVD-201112-102
db:	NVD	id:	CVE-2011-4045

LAST UPDATE DATE

2024-08-14T14:34:30.439000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-5208	date:	2011-12-09T00:00:00
db:	CNVD	id:	CNVD-2011-3894	date:	2011-09-28T00:00:00
db:	CNVD	id:	CNVD-2011-3890	date:	2011-09-28T00:00:00
db:	CNVD	id:	CNVD-2011-3897	date:	2011-09-28T00:00:00
db:	CNVD	id:	CNVD-2011-3898	date:	2011-09-28T00:00:00
db:	BID	id:	49795	date:	2011-12-06T22:07:00
db:	JVNDB	id:	JVNDB-2011-005030	date:	2012-04-04T00:00:00
db:	CNNVD	id:	CNNVD-201109-579	date:	2011-09-29T00:00:00
db:	CNNVD	id:	CNNVD-201112-102	date:	2011-12-09T00:00:00
db:	NVD	id:	CVE-2011-4045	date:	2012-04-03T04:00:00

SOURCES RELEASE DATE

db:	IVD	id:	f9431612-2353-11e6-abef-000c29c66e3d	date:	2011-12-09T00:00:00
db:	CNVD	id:	CNVD-2011-5208	date:	2011-12-09T00:00:00
db:	CNVD	id:	CNVD-2011-3894	date:	2011-09-28T00:00:00
db:	CNVD	id:	CNVD-2011-3890	date:	2011-09-28T00:00:00
db:	CNVD	id:	CNVD-2011-3897	date:	2011-09-28T00:00:00
db:	CNVD	id:	CNVD-2011-3898	date:	2011-09-28T00:00:00
db:	BID	id:	49795	date:	2011-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2011-005030	date:	2012-04-04T00:00:00
db:	PACKETSTORM	id:	107615	date:	2011-12-07T07:51:44
db:	CNNVD	id:	CNNVD-201109-579	date:	1900-01-01T00:00:00
db:	CNNVD	id:	CNNVD-201112-102	date:	2011-12-09T00:00:00
db:	NVD	id:	CVE-2011-4045	date:	2012-04-03T03:44:36.070