| Vulnerability Name: | CVE-2012-2515 (CCN-76623) | ||||||||
| Assigned: | 2009-09-29 | ||||||||
| Published: | 2009-09-29 | ||||||||
| Updated: | 2012-07-17 | ||||||||
| Summary: | Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 7.3 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
7.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-119 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2012-2515 Source: MISC Type: Exploit http://retrogod.altervista.org/9sg_emc_keyhelp.html Source: CCN Type: SA36905 KeyWorks KeyHelp ActiveX Control Buffer Overflow Vulnerability Source: SECUNIA Type: Vendor Advisory 36905 Source: CCN Type: SA36914 EMC Captiva QuickScan Pro KeyHelp ActiveX Buffer Overflow Source: SECUNIA Type: Vendor Advisory 36914 Source: CCN Type: SA49728 GE Intelligent Platforms Multiple Products KeyHelp ActiveX Control Two Vulnerabilities Source: CCN Type: GEIP12-04 vulnerability in Proficy Historian, Proficy HMI/SCADA iFIX, Proficy Pulse, Proficy Batch Execution, and the SI7 I/O Driver Source: CONFIRM Type: Vendor Advisory http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14863/en_US/GEIP12-04%20Security%20Advisory%20-%20Proficy%20HTML%20Help.pdf Source: CCN Type: OSVDB ID: 83310 General Electric (GE) Intelligent Platforms Multiple Product KeyHelp.ocx ActiveX Boundary Check Remote Overflow Source: BID Type: Exploit 36546 Source: CCN Type: BID-36546 KeyWorks KeyHelp Module 'keyhelp.ocx' ActiveX Control Remote Buffer Overflow Vulnerability Source: CCN Type: BID-54215 Multiple GE Proficy Products Stack Buffer Overflow and Command Injection Vulnerabilities Source: CCN Type: ICSA-12-131-02 GE INTELLIGENT PLATFORMS PROFICY HTML HELP VULNERABILITIES Source: MISC Type: US Government Resource http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-02.pdf Source: VUPEN Type: UNKNOWN ADV-2009-2793 Source: VUPEN Type: UNKNOWN ADV-2009-2795 Source: XF Type: UNKNOWN proficy-activex-bo(76623) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||