Vulnerability Description
Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument. NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Iconics | Bizviz | 9.0 |
| Iconics | Genesis32 | 9.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/44417Vendor Advisory
- http://www.exploit-db.com/exploits/17240Exploit
- http://www.exploit-db.com/exploits/17269Exploit
- http://www.osvdb.org/72135
- http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdfExploit
- http://www.securityfocus.com/bid/47704Exploit
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-131-01.pdfUS Government Resource
- http://www.vupen.com/english/advisories/2011/1174Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67267
- http://secunia.com/advisories/44417Vendor Advisory
- http://www.exploit-db.com/exploits/17240Exploit
- http://www.exploit-db.com/exploits/17269Exploit
- http://www.osvdb.org/72135
- http://www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdfExploit
- http://www.securityfocus.com/bid/47704Exploit
FAQ
What is CVE-2011-2089?
CVE-2011-2089 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x befo...
How severe is CVE-2011-2089?
CVE-2011-2089 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-2089?
Check the references section above for vendor advisories and patch information. Affected products include: Iconics Bizviz, Iconics Genesis32.