Buffer overflow in Wellintech Kingview

CVE-2011-3142

Stack-based buffer overflow in an ActiveX control in KVWebSvr.dll in WellinTech KingView 6.52 and 6.53 allows remote attackers to execute arbitrary code via a long second argument to the ValidateUser method.

Vulnerability class: Buffer Overflow

EPSS: 0.324 (96.9th percentile) — read the EPSS interpretation.

Affected products

Wellintech Kingview — versions 6.52, 6.53
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (x_refsource_MISC)
cve@mitre.org (Patch, x_refsource_MISC)
cve@mitre.org (x_refsource_MISC)
16936 (Exploit, exploit, x_refsource_EXPLOIT-DB)
46757 (Exploit, vdb-entry, x_refsource_BID)
72889 (x_refsource_OSVDB, vdb-entry)
cve@mitre.org (Patch, x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM)