CVE-2011-0331 - Use-after-free vulnerability in the addOSPLext method in the Honeywell ScanServer ActiveX control 78

CVE-2011-0331

Summary

Use-after-free vulnerability in the addOSPLext method in the Honeywell ScanServer ActiveX control 780.0.20.5 allows remote attackers to execute arbitrary code via a crafted HTML document.

References

http://osvdb.org/71249
http://secunia.com/advisories/43360
http://secunia.com/secunia_research/2011-22/
http://www.securityfocus.com/bid/46930
http://www.vupen.com/english/advisories/2011/0725

Vulnerable Configurations

cpe:2.3:a:honeywell:scanserver_activex_control:780.0.20.5:*:*:*:*:*:*:*
cpe:2.3:a:honeywell:scanserver_activex_control:780.0.20.5:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 09-04-2011 - 03:32)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	46930
misc	http://secunia.com/secunia_research/2011-22/
osvdb	71249
secunia	43360
vupen	ADV-2011-0725

Last major update

09-04-2011 - 03:32

Published

22-03-2011 - 17:55

Last modified

09-04-2011 - 03:32