Heap-based buffer overflow in Advantech WebOP - CVE-2017-12705
Published: August 16, 2017
Vulnerability identifier: #VU7891
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-12705
CWE-ID: CWE-122
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Advantech Co., Ltd
Affected software:
Advantech WebOP
Advantech WebOP
Detailed vulnerability description
The vulnerability allows a local attacker to cause DoS condition or execute arbitrary code.
The weakness exist due to heap-based buffer overflow when handling malicious content. A local attacker can supply a specially crafted project file, trigger memory corruption and crash the process or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exist due to heap-based buffer overflow when handling malicious content. A local attacker can supply a specially crafted project file, trigger memory corruption and crash the process or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2017-12705
Cybersecurity Help is
currently unaware of any official patch addressing the vulnerability.