Related vulnerability
Title:
WellinTech KingView buffer overflow vulnerability
(CVE-2012-1831)
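Description: KingView (组态王) is an industrial configuration software suite from the Chinese company WellinTech. It includes a stable data-acquisition architecture and provides features such as device variable import and export, wizard-driven reports, and web publishing. WellinTech KingView version 6.53 contains a heap-based buffer overflow vulnerability. A remote attacker can exploit it to execute arbitrary code by sending a crafted packet to TCP port 555.
Description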
Proof Of Concept for the CVE-2012-1831 (Kingview Touchview 6.53)
Introduction
# POC-CVE-2012-1831
Proof Of Concept for the CVE-2012-1831 (Kingview Touchview 6.53)
## Background on Kingview
KingView® is a powerful Windows-based industrial SCADA software for monitoring & controlling industrial processes. With over 25 years of development, it's now known for being the best selling automation software in the Chinese market and having a large user base internationally.
## CVE Description
CVE-2012-1831 is a heap-based buffer overflow in WellinTech KingView 6.53 that allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555.
CVSS: **10.0 (Critical)**
## POC
Reporting in Progress...
File snapshot
[4.0K] /data/pocs/74109e7c8fe0910f0025d41bbd978a6fbe1a0ba5
├── [109M] kingview6.53_EN.rar
└── [ 680] README.md
0 directories, 2 files