漏洞标题
N/A
漏洞描述信息
"KeyHelp.KeyCtrl.1 ActiveX控制KeyHelp.ocx 1.2.312中的KeyWorks KeyHelp模块(即HTML Help组件),在EMC Documentum ApplicationXtender Desktop 5.4;EMC Captiva Quickscan Pro 4.6 SP1;GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5;GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1;GE Intelligent Platforms Proficy Pulse 1.0;GE Intelligent Platforms Proficy Batch Execution 5.6;GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42;以及其他产品,允许远程攻击者通过在(1) JumpMappedID或(2) JumpURL方法的第二个参数中的长字符串执行任意代码。"
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
多个GE Proficy 缓冲区溢出漏洞和命令注入漏洞
漏洞描述信息
GE Proficy是一个为用户提供用于自动化控制和嵌入式领域的软硬件产品、服务以及专业技术。 多个GE Proficy产品中存在远程基于栈的缓冲区溢出漏洞和命令注入漏洞。攻击者可利用这些漏洞在使用ActiveX控件的受影响应用程序(典型的IE浏览器)上下文中执行任意shell命令和代码,攻击失败将导致拒绝服务。
CVSS信息
N/A
漏洞类别
授权问题