The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess prior to 7.2 allows remote malicious users to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
advantech advantech webaccess |
||
advantech advantech webaccess 6.0 |
||
advantech advantech webaccess 7.0 |
||
advantech advantech webaccess 5.0 |