cnvd-2015-03476
Vulnerability from cnvd
Title
Moxa VPort ActiveX SDK Plus栈缓冲区溢出漏洞
Description
Moxa的VPort SDK PLUS,包括CGI command,ActiveX control和API库,允许第三方开发人员轻松集成定制的监控应用。 Moxa VPort ActiveX SDK Plus存在栈缓冲区溢出漏洞。远程攻击者可通过执行regkey set或get命令,利用该漏洞插入汇编代码行。
Severity
Patch Name
Moxa VPort ActiveX SDK Plus栈缓冲区溢出漏洞的补丁
Patch Description
Moxa的VPort SDK PLUS,包括CGI command,ActiveX control和API库,允许第三方开发人员轻松集成定制的监控应用。 Moxa VPort ActiveX SDK Plus存在栈缓冲区溢出漏洞。远程攻击者可通过执行regkey set或get命令,利用该漏洞插入汇编代码行。目前,厂商已经发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.moxa.com/support/download.aspx?d_id=2114

Reference
https://ics-cert.us-cert.gov/advisories/ICSA-15-097-01
Impacted products
Name
Moxa vport_activex_sdk_plus 2.7
Show details on source website

To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-0986"
    }
  },
  "description": "Moxa\u7684VPort SDK PLUS\uff0c\u5305\u62ecCGI command\uff0cActiveX control\u548cAPI\u5e93\uff0c\u5141\u8bb8\u7b2c\u4e09\u65b9\u5f00\u53d1\u4eba\u5458\u8f7b\u677e\u96c6\u6210\u5b9a\u5236\u7684\u76d1\u63a7\u5e94\u7528\u3002\r\n\r\nMoxa VPort ActiveX SDK Plus\u5b58\u5728\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u6267\u884cregkey set\u6216get\u547d\u4ee4\uff0c\u5229\u7528\u8be5\u6f0f\u6d1e\u63d2\u5165\u6c47\u7f16\u4ee3\u7801\u884c\u3002",
  "discovererName": "Ariele Caltabiano",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a    http://www.moxa.com/support/download.aspx?d_id=2114",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-03476",
  "openTime": "2015-05-29",
  "patchDescription": "Moxa\u7684VPort SDK PLUS\uff0c\u5305\u62ecCGI command\uff0cActiveX control\u548cAPI\u5e93\uff0c\u5141\u8bb8\u7b2c\u4e09\u65b9\u5f00\u53d1\u4eba\u5458\u8f7b\u677e\u96c6\u6210\u5b9a\u5236\u7684\u76d1\u63a7\u5e94\u7528\u3002\r\n\r\nMoxa VPort ActiveX SDK Plus\u5b58\u5728\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u6267\u884cregkey set\u6216get\u547d\u4ee4\uff0c\u5229\u7528\u8be5\u6f0f\u6d1e\u63d2\u5165\u6c47\u7f16\u4ee3\u7801\u884c\u3002\u76ee\u524d\uff0c\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Moxa VPort ActiveX SDK Plus\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Moxa vport_activex_sdk_plus 2.7"
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-15-097-01",
  "serverity": "\u9ad8",
  "submitTime": "2015-05-28",
  "title": "Moxa VPort ActiveX SDK Plus\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.