Vulnerability Description
Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsys | Promotic | <= 8.1.6 |
Related Weaknesses (CWE)
References
- http://www.promotic.eu/en/pmdoc/News.htm#ver80107
- http://www.securityfocus.com/bid/52988
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdfUS Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74846
- http://www.promotic.eu/en/pmdoc/News.htm#ver80107
- http://www.securityfocus.com/bid/52988
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdfUS Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74846
FAQ
What is CVE-2011-4874?
CVE-2011-4874 is a vulnerability with a CVSS score of 7.9 (HIGH). Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via ...
How severe is CVE-2011-4874?
CVE-2011-4874 has been rated HIGH with a CVSS base score of 7.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4874?
Check the references section above for vendor advisories and patch information. Affected products include: Microsys Promotic.