研华Advantech WebAccess爆出10个0Day漏洞 都属于远程代码执行漏洞-阿里云开发者社区

开发者社区> 安全> 正文
登录阅读全文

研华Advantech WebAccess爆出10个0Day漏洞 都属于远程代码执行漏洞

简介:

在CVSS评分都为7.5,据公开信息显示,厂商和美国ICS-CERT都已经收到并确认这些信息。

ZDI-17-567: (0Day) Advantech WebAccess nvA1Media Connect MediaUsername Stack-based Buffer Overflow 远程代码执行漏洞

http://www.zerodayinitiative.com/advisories/ZDI-17-567/

缓解措施:

The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\E19E79EC-F62E-40A0-952D-E49AEC7BEC2F

If the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser. 
For more information, please see: http://support.microsoft.com/kb/240797

ZDI-17-566: (0Day) Advantech WebAccess nvA1Media DeviceType 3 Stack-based Buffer Overflow Remote 远程代码执行漏洞

http://www.zerodayinitiative.com/advisories/ZDI-17-566/

缓解措施:

The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\7E19E79EC-F62E-40A0-952D-E49AEC7BEC2F

If the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser. 
For more information, please see: http://support.microsoft.com/kb/240797

ZDI-17-565: (0Day) Advantech WebAccess nvA1Media Connect MediaPassword Stack-based Buffer Overflow 远程代码执行漏洞

http://www.zerodayinitiative.com/advisories/ZDI-17-565/

缓解措施:

The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\E19E79EC-F62E-40A0-952D-E49AEC7BEC2F

If the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser. 
For more information, please see: http://support.microsoft.com/kb/240797

ZDI-17-564: (0Day) Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D Name Heap-based Buffer Overflow远程代码执行漏洞

http://www.zerodayinitiative.com/advisories/ZDI-17-564/

缓解措施:

The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\73888E2B-FF04-416c-8847-984D7FC4507F

If the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser. 
For more information, please see: http://support.microsoft.com/kb/240797

ZDI-17-563: (0Day) Advantech WebAccess RtspVapgDecoderNew2 SetLangStringHex Out-of-bounds Access 远程代码执行漏洞

http://www.zerodayinitiative.com/advisories/ZDI-17-563/

缓解措施:

The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\73888E2B-FF04-416c-8847-984D7FC4507F

If the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser. 
For more information, please see: http://support.microsoft.com/kb/240797

ZDI-17-562: (0Day) Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D Height Stack-based Buffer Overflow远程代码执行漏洞

http://www.zerodayinitiative.com/advisories/ZDI-17-562/

缓解措施:

The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\73888E2B-FF04-416c-8847-984D7FC4507F

If the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser. 
For more information, please see: http://support.microsoft.com/kb/240797

ZDI-17-561: (0Day) Advantech WebAccess TpMegaJVT setCameraName  Buffer Overflow 远程代码执行漏洞

http://www.zerodayinitiative.com/advisories/ZDI-17-561/

缓解措施:

The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\BF28239A-3823-40FF-BC02-2DA4D9DBB1EE

If the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser. 
For more information, please see: http://support.microsoft.com/kb/240797

ZDI-17-560: (0Day) Advantech WebAccess RtspVapgDecoderNew2 SetPaybackFilePath Stack-based Buffer Overflow 远程代码执行漏洞

http://www.zerodayinitiative.com/advisories/ZDI-17-560/

缓解措施:

The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\73888E2B-FF04-416c-8847-984D7FC4507F

If the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser. 
For more information, please see: http://support.microsoft.com/kb/240797

ZDI-17-559: (0Day) Advantech WebAccess TpMegaJVT createStream  Heap-based Buffer Overflow 远程代码执行漏洞

http://www.zerodayinitiative.com/advisories/ZDI-17-559/

缓解措施:

The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\BF28239A-3823-40FF-BC02-2DA4D9DBB1EE

If the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser. 
For more information, please see: http://support.microsoft.com/kb/240797

ZDI-17-558: (0Day) Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D Width Stack-based Buffer Overflow 远程代码执行漏洞

http://www.zerodayinitiative.com/advisories/ZDI-17-558/

缓解措施:

The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\73888E2B-FF04-416c-8847-984D7FC4507F

If the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser. 
For more information, please see: http://support.microsoft.com/kb/240797




原文发布时间:2017年8月8日 

本文由:zeroday发布,版权归属于原作者

原文链接:http://toutiao.secjia.com/advantech-webaccess-10-0day

本文来自云栖社区合作伙伴安全加,了解相关信息可以关注安全加网站

版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。

分享: