HTTP: Unitronics UniDownloader and VisiLogic OPLC IDE IPWorksSSL.HTTPS Memory Corruption

A memory corruption vulnerability exists in Unitronics VisiLogic OPLC IDE and UniDownloader. The vulnerability is due to an untrusted pointer dereference on the SSLCertHandle parameter of the IPWorksSSL.HTTPS ActiveX control. A remote attacker could exploit this vulnerability by enticing a vulnerable user to open a crafted web page. Successful exploitation could lead to code execution in the context of the target user.

Extended Description

Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors.

Affected Products

Unitronics visilogic_oplc_ide

References

CVE: CVE-2015-7905

Short Name
HTTP:STC:ACTIVEX:VLOGIC-MEMCP
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2015-7905 Corruption IDE IPWorksSSL.HTTPS Memory OPLC UniDownloader Unitronics VisiLogic and
Release Date
12/23/2015
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3337
False Positive
Unknown
Vendors

Unitronics

CVSS Score

7.5
