Microsys Promotic PmTrendViewer ActiveX Control SaveCfg Stack Buffer Overflow

Added: 12/23/2011
OSVDB: 76396

Background

Microsys Promotic is a SCADA object software tool for creating applications that monitor, control and display technological processes in various industrial areas. Promotic includes support for a web interface designed for Microsoft Windows.

Problem

Microsys Promotic's PmTrendViewer ActiveX control is vulnerable to remote code execution due to improper boundary checking in the SaveCfg method.

Resolution

Contact the vendor and upgrade or apply a patch when a fix becomes available. As a workaround, set the kill bit for PmTrendViewer ActiveX control associated with CLSID {02000002-9DFA-4B37-ABE9-1929F4BCDEA2} as described in Microsoft Knowledge Base Article 240797.

References

http://aluigi.altervista.org/adv/promotic_1-adv.txt
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-286-01.pdf

Limitations

Exploit works on Microsys Promotic ActiveX Control 8.1.4.

The target user must open the exploit using Internet Explorer 7.

Platforms

Windows

Back to exploit index