Microsys Promotic PmTrendViewer ActiveX Control SaveCfg Stack Buffer Overflow
Added: 12/23/2011
OSVDB: 76396
Background
Microsys Promotic is a SCADA object software tool for creating applications that monitor, control and display technological processes in various industrial areas. Promotic includes support for a web interface designed for Microsoft Windows.
Problem
Microsys Promotic's PmTrendViewer ActiveX control is vulnerable to remote code execution due to improper boundary checking in the SaveCfg method.
Resolution
Contact the vendor and upgrade or apply a patch when a fix becomes available. As a workaround, set the kill bit for the PmTrendViewer ActiveX control associated with CLSID {02000002-9DFA-4B37-ABE9-1929F4BCDEA2} as described in Microsoft Knowledge Base Article 240797.
References
http://aluigi.altervista.org/adv/promotic_1-adv.txt
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-286-01.pdf
Limitations
Exploit works on Microsys Promotic ActiveX Control 8.1.4.
The target user must open the exploit using Internet Explorer 7.
Platforms
Windows
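
The kill-bit workaround from the Resolution section, as an added example that is not part of the original advisory or of any vendor tooling: it sets the Compatibility Flags value to 0x400 for the CLSID above in both the 32-bit and 64-bit registry views and reads the value back to confirm. It assumes an elevated PowerShell 3.0 or later session (.NET 4); the function name Set-KillBit is hypothetical.

```powershell
# Added example: sets the kill bit (Compatibility Flags = 0x400) for the
# PmTrendViewer CLSID named in the Resolution section. Run elevated.
$Clsid   = '{02000002-9DFA-4B37-ABE9-1929F4BCDEA2}'
$KillBit = 0x00000400
$SubKey  = "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"

# Hypothetical helper: applies the kill bit in one registry view and
# returns the value read back afterwards.
function Set-KillBit {
    param([Microsoft.Win32.RegistryView]$View)
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.CreateSubKey($SubKey)
        try {
            # Preserve flags that are already set, then OR in the kill bit.
            $current = [int]$key.GetValue('Compatibility Flags', 0)
            $key.SetValue('Compatibility Flags', ($current -bor $KillBit),
                [Microsoft.Win32.RegistryValueKind]::DWord)
            $after = [int]$key.GetValue('Compatibility Flags', 0)
        } finally { $key.Dispose() }
    } finally { $base.Dispose() }
    [pscustomobject]@{
        View    = $View
        Flags   = '0x{0:X8}' -f $after
        Blocked = (($after -band $KillBit) -ne 0)
    }
}

# 32-bit Internet Explorer on 64-bit Windows reads the Wow6432Node view,
# so the flag has to be present in both views there.
$views = @([Microsoft.Win32.RegistryView]::Registry32)
if ([Environment]::Is64BitOperatingSystem) {
    $views += [Microsoft.Win32.RegistryView]::Registry64
}

$results = foreach ($v in $views) { Set-KillBit -View $v }
$results | Format-Table -AutoSize
if ($results.Blocked -contains $false) { throw 'Kill bit not set in every view' }
```

Restart Internet Explorer after running it so the control is no longer instantiated in already-open browser sessions.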