|
|
|
|
| |
Credit:
The information has been provided by Alexandr Polyakov
|
| |
Vulnerable Systems:
*ComponentOne FlexGrid 7.1 and prior
Attackers can exploit this issue to execute arbitrary code within the context of the application using the vulnerable control (typically Internet Explorer). This indicates an attack attempt to exploit a Memory Corruption vulnerability in ComponentOne FlexGrid.
CVE-2012-0227: Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ComponentOne FlexGrid 7.1, as used in Open Automation Software OPC Systems.NET, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long archive file name argument to the Archive method.
CVE-2012-5311: Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ComponentOne FlexGrid 7.1, as used in Open Automation Software OPC Systems.NET, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long archive file name argument to the Archive method
The vulnerability is located in the "Vsflex7.ocx" ActiveX control through miss-use of "Archive" method. It may allow remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Failed exploit attempts will likely cause the program to crash, resulting in a denial of service condition.
CVE Information:
CVE-2012-0227
CVE-2012-5311
Disclosure Timeline:
Published: Jan 20 2012 12:00AM
Updated: Oct 10 2012 06:20PM
|
|
|
|
|
