Advantech WebAccess 8.x < 8.0-2015.08.16 RCE
Medium Nessus Network Monitor Plugin ID 9861
SynopsisThe detected version of Advantech WebAccess may be affected by a remote code execution (RCE) attack vector.
DescriptionThe installed version of Advantech WebAccess is 8.x prior to 8.0-2015.08.16 and is affected by an overflow condition. The issue is triggered as user-supplied input is not properly validated when handling an unspecified DLL string in a file. With a specially crafted file, a context-dependent attacker can cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code.
SolutionUpgrade to Advantech WebAccess version 8.0-2015.08.16 or later.