Stack-based Buffer Overflow in ICONICS BizViz and GENESIS32 Products
CVE-2011-2089

Currently unrated

Key Information:

Vendor

Iconics

Status
Bizviz
Vendor
CVE Published:
13 May 2011

What is CVE-2011-2089?

A stack-based buffer overflow vulnerability exists in the SetActiveXGUID method of the VersionInfo ActiveX control within GenVersion.dll located in the WebHMI subsystem. This flaw impacts ICONICS BizViz version 9.x prior to 9.22 and GENESIS32 version 9.x prior to 9.22. Attackers can exploit this vulnerability by supplying a long string argument, potentially allowing them to execute arbitrary code remotely.

References

http://www.security-assessment.com/files/documents/adviso...
x_refsource_MISC
http://www.osvdb.org/72135
vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/44417
third-party-advisoryx_refsource_SECUNIA

EPSS Score

70% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.