The Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control contains a stack buffer overflow that could allow a remote attacker to execute arbitrary code on an affected system
The Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control, ConfigurationAccessComponent.dll, used by the Wonderware Archestra IDE (Integrated Development Environment) and the InFusion IEE (Integrated Engineering Environment) contains a stack buffer overflow vulnerability.
The UnsubscribeData method of the IConfigurationAccess interface uses wcscpy() to copy its first parameter into a static sized local buffer.
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause the web browser to crash.
Enter URLs manually
Information from Invensys and IOActive was used in this document.
This document was written by Michael Orlando.
|Date First Published:||2010-08-04|
|Date Last Updated:||2010-08-05 17:03 UTC|