Stack-Based Buffer Overflow in WellinTech KingView ActiveX Control
CVE-2011-3142

Currently unrated

Key Information:

Vendor: Wellintech
Status: Kingview
Vendor: CVE Published:; 16 August 2011

Summary

A stack-based buffer overflow vulnerability exists in an ActiveX control within the KVWebSvr.dll file in WellinTech's KingView versions 6.52 and 6.53. This flaw can be exploited by remote attackers to execute arbitrary code on the affected system. Specifically, the vulnerability arises from inadequate validation of input passed to the ValidateUser method, whereby an excessively long second argument can lead to memory corruption. This exposes organizations using KingView to significant security risks, making it critical to apply appropriate patches and mitigations against this exploit.

References

http://www.scadahacker.com/exploits-wellintech-kvwebsvr.html

x_refsource_MISC

http://www.us-cert.gov/control_systems/pdf/ICSA-11-074-01...

x_refsource_MISC

http://www.cnvd.org.cn/vulnerability/CNVD-2011-04541

x_refsource_MISC

EPSS Score

32% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 16, 2011