What is CVE-2011-2386?

CVE-2011-2386 is a vulnerability in Visiwave Site_survey, classified under Code Injection. Published 2011-06-08.

Is CVE-2011-2386 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Visiwave Site_survey

CVE-2011-2386

VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to execute arbitrary code via a (1) vws and (2) vwr file with an invalid Type property, which triggers an untrusted pointe…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.720 (98.8th percentile) — read the EPSS interpretation.

Affected products

Visiwave Site_survey — versions 1.6.12, 2.0.12
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

References

cve@mitre.org (Exploit, x_refsource_MISC)
44636 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
47948 (Exploit, vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
17317 (Exploit, exploit, x_refsource_EXPLOIT-DB)
72464 (x_refsource_OSVDB, vdb-entry)

Frequently asked questions

What is CVE-2011-2386?: CVE-2011-2386 is a vulnerability in Visiwave Site_survey, classified under Code Injection. Published 2011-06-08.
Is CVE-2011-2386 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.