InduSoft ISSymbol ActiveX Control Buffer Overflow

September 1, 2011

Dmitriy Pletnev from Secunia Research recently disclosed that the InduSoft ISSymbol ActiveX control is prone to multiple buffer-overflow vulnerabilities.

Attackers could exploit these issues to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

ICS-CERT Advisories / Alerts

ICSA-11-273-02

Vendor Website (includes Patches / Hotfixes)

WebStudio Product Information
InduSoft Security Updates and Hotfixes (does not appear to contain this patch)

Exploit Proof-of-Concept

The report indicates that a public exploit is available, but no references were found at this time.

Common Vulnerability & Exposure (CVE) References

CVE-2011-0342

Additional Information

Secunia Research: InduSoft ISSymbol ActiveX Control Buffer Overflow Vulnerabilities Report
Open-Source Vulnerability Database #74867
Secunia Advisory #44875
Security Focus Vulnerability Info and Exploit Bugtraq ID 49403
IBM Internet Security Systems #69523
IBM Internet Security Systems #69524

PoC Holes from SCADA Providers (ISSSource)