Vulnerability Details : CVE-2011-2386
Public exploit exists!
VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to execute arbitrary code via a (1) vws and (2) vwr file with an invalid Type property, which triggers an untrusted pointer dereference.
Vulnerability category: Execute code
Products affected by CVE-2011-2386
- cpe:2.3:a:visiwave:site_survey:*:*:*:*:*:*:*:*
- cpe:2.3:a:visiwave:site_survey:2.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:visiwave:site_survey:1.6.12:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-2386
85.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2011-2386
- VisiWave VWR File Parsing Vulnerability
  Disclosure Date: 2011-05-20
  First seen: 2020-04-26
  exploit/windows/fileformat/visiwave_vwr_type
  This module exploits a vulnerability found in VisiWave's Site Survey Report application. When processing .VWR files, VisiWaveReport.exe attempts to match a valid pointer based on the 'Type' property (valid ones include 'Properties', 'TitlePage', 'Details', 'Graph', 'Table',
CVSS scores for CVE-2011-2386
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2011-2386
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2386
- http://www.securityfocus.com/bid/47948
  VisiWave Site Survey '.vwr' File Processing Buffer Overflow Vulnerability [Exploit]
- http://www.stratsec.net/Research/Advisories/VisiWave-Site-Survey-Report-Trusted-Pointer-%28SS-20
  Invalid license key [Exploit]
- http://www.exploit-db.com/exploits/17317
  VisiWave - '.VWR' File Parsing Trusted Pointer (Metasploit) - Windows local Exploit [Exploit]
- http://www.visiwave.com/blog/index.php?/archives/4-Version-2.1.9-Released.html
  Version 2.1.9 Released | VisiWave Blog [Vendor Advisory]