InduSoft Web Studio Multiple Remote Vulnerabilities
November 15, 2011
Security research Luigi Auriemma has discovered two
vulnerabilities in the InduSoft Web Studio software and
coordinated this disclosure with Tipping Point (part of
Hewlett-Packard) as ZDI-11-329 and ZDI-11-330.
These vulnerabilities exploit unauthenticated remote code
execution which can be exploited by malicious people to
bypass certain security restrictions and compromise a
vulnerable system.
1) An error due to the remote agent component (CEServer.exe)
listening on port 4322/tcp not authenticating incoming
requests can be exploited to e.g. create files or load
arbitrary DLLs.
2) A boundary error within the remote agent component
(CEServer.exe) when handling the remove file operation
(0x15) can be exploited to cause a stack-based buffer
overflow.
Successful exploitation of this vulnerability may allow
execution of arbitrary code.
Zero Day Initiative has coordinated with InduSoft, who has
produced a patch that mitigates these vulnerabilities.
According to InduSoft, these vulnerabilities affect the
following products:
- InduSoft Web Studio Versions 6.1 and 7.0.