Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Advantech WebAccess < 7.0-2011.08.27 Multiple Vulnerabilities

High

Synopsis

The detected version of Advantech WebAccess may be affected by multiple attack vectors.

Description

The installed version of Advantech WebAccess is prior to 7.0-2011.08.27 and is affected by the following vulnerabilities :

- An overflow condition exists in the bundled 'bwscript.dll' ActiveX control that is triggered as user-supplied input is not properly validated. With a specially crafted web page, a context-dependent attacker can cause a buffer overflow, potentially allowing the execution of arbitrary code. (OSVDB 124951) - An overflow condition exists in the bundled 'webdobj.dll' ActiveX control that is triggered as user-supplied input is not properly validated. With a specially crafted web page, a context-dependent attacker can cause a buffer overflow, potentially allowing the execution of arbitrary code. (OSVDB 124952)

Solution

Upgrade to Advantech WebAccess version 7.0-2011.08.27 or later.