WellinTech KingView 6.53 < 2011-11-20 HistoryServer.exe nettransdll.dll Module Op-code 3 Packet Parsing Remote Overflow
critical Nessus Plugin ID 59376
Language:
Synopsis
The remote Windows host contains an application that is affected by a remote buffer overflow vulnerability.Description
According to its version, the instance of WellinTech KingView installed on the remote Windows host is affected by a remote buffer overflow vulnerability. A flaw exists inside of 'nettransdll.dll' that may permit unauthenticated, remote attackers to execute arbitrary code in the context of the application. 'HistorySrv.exe' listens on port 777. When a specially-crafted request is received requesting service opcode 0x03, a buffer is allocated based on a size field in the request. Once the buffer has been created, data from the packet is copied into the buffer based on yet another size field. By making the buffer size field smaller than the data size field, a heap overflow can be accomplished.Solution
Install the patch referenced in the vendor's advisory.See Also
https://www.zerodayinitiative.com/advisories/ZDI-11-351/
http://web.archive.org/web/20120312094902/http://en.wellintech.com:80/news/detail.aspx?contentid=166
Plugin Details
Severity: Critical
ID: 59376
File Name: scada_kingview_6_53_2011-11-20.nbin
Version: 1.184
Type: local
Agent: windows
Family: SCADA
Published: 6/5/2012
Updated: 11/30/2022
Supported Sensors: Nessus Agent
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal Vector: E:U/RL:OF/RC:C
CVSS Score Source: CVE-2011-4536
Vulnerability Information
CPE: cpe:/a:wellintech:kingview
Required KB Items: SCADA/Apps/WellinTech/KingView/Installed
Exploit Ease: No known exploits are available
Patch Publication Date: 11/20/2011
Vulnerability Publication Date: 12/20/2011
Reference Information
CVE: CVE-2011-4536
BID: 51159
ICSA: 11-355-02