Advantech WebAccess < 8.0.2015.08.16 Unspecified DLL String Handling Arbitrary Code Execution
Medium Nessus Plugin ID 86899
Synopsis
The remote host has a web application running that is affected by an arbitrary code execution vulnerability.
Description
The Advantech WebAccess application running on the remote host is prior to version 8.0.2015.08.16. It is, therefore, affected by an arbitrary code execution vulnerability due to improper validation of user-supplied input when handling an unspecified DLL string in a file.
A local attacker can exploit this, via a specially crafted application, to cause a stack-based buffer overflow, resulting in the execution of arbitrary code or a denial of service condition.
Solution
Upgrade to Advantech WebAccess version 8.0.2015.08.16 or later.