Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code.
Siemens Automation License Manager 500.0.122.1
Several vulnerabilities were reported in Siemens Automation License Manager.
A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.
A remote user can send specially crafted *_licensekey commands to trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.
A remote user can send specially crafted data to trigger an exception or null pointer dereference.
A remote user can create specially crafted HTML that, when loaded by the target user, will invoke the ALMListCtr ActiveX control and overwrite arbitrary files with the privileges of the target user. The CLSID of the vulnerable control is: E57AF4A2-EF57-41D0-8512-FECDA78F1FE7
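A content filter or mail gateway can flag HTML that references the ALMListCtr control before a user loads it. The scanner below is an added example, not part of the original advisory or any Siemens tooling; the function name, hit labels and sample pages are assumptions constructed for illustration, and only the CLSID comes from the advisory.

```python
import re
from html.parser import HTMLParser

# CLSID of the ALMListCtr control, taken from the advisory text.
ALM_CLSID = "E57AF4A2-EF57-41D0-8512-FECDA78F1FE7"
_CLSID_RE = re.compile(re.escape(ALM_CLSID), re.IGNORECASE)

class _AlmFinder(HTMLParser):
    """Records where a page references the ALMListCtr CLSID."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []           # (kind, line) tuples in document order
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        # Tag and attribute names arrive lower-cased; attribute values
        # arrive with character references (e.g. &#69;) already decoded.
        if tag == "script":
            self._in_script = True
        elif tag == "object":
            for name, value in attrs:
                if name == "classid" and value and _CLSID_RE.search(value):
                    self.hits.append(("object-classid", self.getpos()[0]))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Script text may create the <object> element dynamically.
        if self._in_script:
            start_line = self.getpos()[0]
            for m in _CLSID_RE.finditer(data):
                line = start_line + data.count("\n", 0, m.start())
                self.hits.append(("script-reference", line))

def find_alm_control(html_text):
    """Return (kind, line) for each reference to the control's CLSID."""
    finder = _AlmFinder()
    finder.feed(html_text)
    finder.close()
    return finder.hits

# Constructed sample pages (hypothetical, for demonstration only).
SAMPLE_SUSPECT = """<html>
<body>
<OBJECT id="ctl" ClassID="CLSID:e57af4a2-ef57-41d0-8512-fecda78f1fe7"></OBJECT>
<script>
var c = "clsid:{E57AF4A2-EF57-41D0-8512-FECDA78F1FE7}";
</script>
</body>
</html>"""
SAMPLE_BENIGN = "<object classid='clsid:00000000-0000-0000-0000-000000000000'></object>"
```

Matching is case-insensitive and tolerates braces, the `clsid:` prefix and character-reference encoding in the attribute value; CLSIDs assembled at run time by string concatenation in script are not caught by this static check.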
No solution was available at the time of this entry.