Multiple ActiveX Vulnerabilities in Advantech BroadWin WebAccess Client
September 2, 2011
Security researcher Luigi Auriemma has discovered multiple
remote vulnerabilities in the Advantech BroadWin WebAccess
Client, including:
1. A format-string vulnerability
2. Multiple memory corruption vulnerabilities
Attackers could exploit these issues to execute arbitrary
code in the context of the application using the ActiveX
control (typically Internet Explorer). Failed exploit
attempts will likely result in denial-of-service conditions.
BroadWin WebAccess Client 7.0 is vulnerable; other versions
may also be affected.
An additional vulnerability was later discovered on November
2, 2011 by security researcher Shahriyar Jalayeri and is
covered in
Advantech BroadWin WebAccess ActiveX Vulnerability.