Vulnerability Description
VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to execute arbitrary code via a (1) vws and (2) vwr file with an invalid Type property, which triggers an untrusted pointer dereference.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Visiwave | Site Survey | <= 2.1 |
Related Weaknesses (CWE)
References
- http://osvdb.org/72464
- http://secunia.com/advisories/44636Vendor Advisory
- http://www.exploit-db.com/exploits/17317Exploit
- http://www.securityfocus.com/bid/47948Exploit
- http://www.stratsec.net/Research/Advisories/VisiWave-Site-Survey-Report-Trusted-Exploit
- http://www.visiwave.com/blog/index.php?/archives/4-Version-2.1.9-Released.htmlVendor Advisory
- http://osvdb.org/72464
- http://secunia.com/advisories/44636Vendor Advisory
- http://www.exploit-db.com/exploits/17317Exploit
- http://www.securityfocus.com/bid/47948Exploit
- http://www.stratsec.net/Research/Advisories/VisiWave-Site-Survey-Report-Trusted-Exploit
- http://www.visiwave.com/blog/index.php?/archives/4-Version-2.1.9-Released.htmlVendor Advisory
FAQ
What is CVE-2011-2386?
CVE-2011-2386 is a vulnerability with a CVSS score of 9.3 (HIGH). VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to execute arbitrary code via a (1) vws and (2) vwr file with an invalid Type prope...
How severe is CVE-2011-2386?
CVE-2011-2386 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-2386?
Check the references section above for vendor advisories and patch information. Affected products include: Visiwave Site Survey.