Vulnerability Details CVE-2014-0772
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named
OpenUrlToBufferTimeout. This method takes a URL as a parameter and
returns its contents to the caller in JavaScript. The URLs are accessed
in the security context of the current browser session. The control does
not perform any URL validation and allows file:// URLs that access the
local disk.
The method can be used to open a URL (including file URLs) and read
the URLs through JavaScript. This method could also be used to reach any
arbitrary URL to which the browser has access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 54.5%
CVSS Severity
CVSS v2 Score 5.0
References
Products affected by CVE-2014-0772
-
cpe:2.3:a:advantech:advantech_webaccess:5.0
-
cpe:2.3:a:advantech:advantech_webaccess:6.0
-
cpe:2.3:a:advantech:advantech_webaccess:7.0