Lucene search
AnonymousZDI-14-248HistoryJul 18, 2014 - 12:00 a.m.
Advantech WebAccess dvs.ocx IPAddress Stack Buffer Overflow Remote Code Execution Vulnerability
2014-07-1800:00:00
Anonymous
www.zerodayinitiative.com
15
EPSS
0.316
Percentile
97.1%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the DVC.DvcCtrl ActiveX Control in dvs.ocx. The control does not check the length of an attacker-supplied string used to set the IPAddress property before copying it into a fixed length buffer on the stack. This allows an attacker to execute arbitrary code in the context of the browser process.
Related
zdi
zdi
zdt
zdt
Advantech WebAccess dvs.ocx GetColor Buffer Overflow Exploit
2014-09-24 00:00:00
packetstorm
packetstorm
Advantech WebAccess dvs.ocx GetColor Buffer Overflow
2014-09-24 00:00:00
exploitdb
exploitdb
Advantech Webaccess - dvs.ocx GetColor Buffer Overflow (Metasploit)
2014-09-24 00:00:00
nvd
nvd
CVE-2014-2364
2014-07-19 05:09:27
prion
prion
Stack overflow
2014-07-19 05:09:00
cvelist
cvelist
CVE-2014-2364
2014-07-19 01:00:00
metasploit
metasploit
Advantech WebAccess dvs.ocx GetColor Buffer Overflow
2014-09-12 13:57:54
cve
cve
CVE-2014-2364
2014-07-19 05:09:27
seebug
seebug
Advantech WebAccess dvs.ocx GetColor Buffer Overflow
2014-09-29 00:00:00
ics
ics
Advantech WebAccess Vulnerabilities
2018-09-06 12:00:00
nessus
nessus
Advantech WebAccess < 7.2-2014.06.06 Multiple Vulnerabilities
2014-04-14 00:00:00
Advantech WebAccess < 7.2-2014.06.06 Multiple Vulnerabilities
2017-02-14 00:00:00