Advantech ADAM OPC Server ActiveX Control Buffer Overflow Vulnerability
November 4, 2011
The Information and Communication Security Technology Center
(ICST), a security research and service institute, has
identified a buffer overflow vulnerability that affects
multiple Advantech OPC (OLE for Process Control) Server
products.
Advantech ADAM OPC Server is prone to a remote
buffer-overflow vulnerability because it fails to
sufficiently validate user-supplied data. This issue affects
an unspecified ActiveX control.
Attackers can exploit this issue to execute arbitrary code
within the context of the affected application that uses the
ActiveX control (typically Internet Explorer). Failed
exploit attempts will result in a denial-of-service
condition.
ICS-CERT originally released Advisory ICSA-11-279-01P on the
US-CERT secure Portal on October 06, 2011. This web page
release was delayed to allow users time to download and
install the update.
This vulnerability may allow remote code execution and
elevated user privileges.
Advantech has produced a new software version that mitigates
this vulnerability. ICST has tested the new version and
confirmed that it fully resolves this vulnerability.