CVE-2011-4039 | Vulnerability Database | Aqua Security

Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a write access violation.

Affected Software

Name	Vendor	Start Version	End Version
Dream_report	Dreamreport	*	3.43 (including)
Dream_report	Dreamreport	3.21 (including)	3.21 (including)
Dream_report	Dreamreport	3.41 (including)	3.41 (including)
Dream_report	Dreamreport	3.42 (including)	3.42 (including)
Wonderware_hmi_reports	Invensys	*	3.42.835.0304 (including)

References

http://secunia.com/advisories/47742
http://secunia.com/advisories/47933
http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf
http://secunia.com/advisories/47742
http://secunia.com/advisories/47933
http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-4039
CWE	https://cwe.mitre.org/data/definitions/264.html