[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2012-2515

Date: (C)2012-07-04   (M)2015-12-16
 
CVSS Score: 9.3Access Vector: NETWORK
Exploitability Subscore: 8.6Access Complexity: MEDIUM
Impact Subscore: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE











Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method.

Reference:
BID-36546
SECUNIA-36905
SECUNIA-36914
http://retrogod.altervista.org/9sg_emc_keyhelp.html
http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14863/en_US/GEIP12-04%20Security%20Advisory%20-%20Proficy%20HTML%20Help.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-02.pdf

CPE    8
cpe:/a:ge:intelligent_platforms_proficy_pulse:1.0
cpe:/a:ge:intelligent_platforms_proficy_historian:4.0
cpe:/a:ge:intelligent_platforms_proficy_historian:3.1
cpe:/a:emc:captiva_quickscan_pro:4.6:sp1
...
CWE    1
CWE-119

© 2013 SecPod Technologies