Vulnerability Details : CVE-2011-1719
Multiple stack-based buffer overflows in the Web Viewer ActiveX controls in CA Output Management Web Viewer 11.0 and 11.5 allow remote attackers to execute arbitrary code via (1) a long SRC property value to the PPSViewer ActiveX control in PPSView.ocx before 1.0.0.7 or (2) a long Title property value to the UOMWV_Helper ActiveX control in UOMWV_HelperActiveX.ocx before 11.5.0.1.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2011-1719
- cpe:2.3:a:broadcom:output_management_web_viewer:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:output_management_web_viewer:11.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1719
24.91%
Probability of exploitation activity in the next 30 days
~97%
Percentile: the proportion of vulnerabilities that are scored at or below this one
CVSS scores for CVE-2011-1719
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2011-1719
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1719
- http://securitytracker.com/id?1025424
  CA Output Management Web Viewer ActiveX Controls Lets Remote Users Execute Arbitrary Code - SecurityTracker
- http://www.securityfocus.com/archive/1/517625/100/0/threaded
  SecurityFocus
- http://www.vupen.com/english/advisories/2011/1066
  Webmail | OVH- OVH (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66904
  CA Output Management Web Viewer UOMWV_Helper ActiveX control buffer overflow CVE-2011-1719 Vulnerability Report
- http://securityreason.com/securityalert/8226
  CA Output Management Web Viewer Security Notice - CXSecurity.com
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66903
  CA Output Management Web Viewer ActiveX control buffer overflow CVE-2011-1719 Vulnerability Report
- http://www.securityfocus.com/bid/47521
  CA Output Management Web Viewer Multiple Stack Based Buffer Overflow Vulnerabilities