CVE-2011-3142

Published: 16/08/2011 Updated: 16/03/2012
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Stack-based buffer overflow in an ActiveX control in KVWebSvr.dll in WellinTech KingView 6.52 and 6.53 allows remote malicious users to execute arbitrary code via a long second argument to the ValidateUser method.

Vulnerable Product

wellintech kingview 6.53

wellintech kingview 6.52

Exploits

# Exploit Title: KingView 6.53 SCADA ActiveX
# Date: March 07 2011
# Author: Carlos Mario Penagos Hollmann
# Software Link: downloadkingviewcom/software/kingview%20English%20Version/kingview653_ENrar
# Version: 6.53 (English)
# Tested on: Windows xp sp3 running on VMware Fusion 31 and VirtualBox 328
Thanks to Dillon Beresford for ...