Vulnerability Details CVE-2014-0773
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named
“CreateProcess.” This method contains validation to ensure an attacker
cannot run arbitrary command lines. After validation, the values
supplied in the HTML are passed to the Windows CreateProcessA API.
The validation can be bypassed allowing for running arbitrary command
lines. The command line can specify running remote files (example: UNC
command line).
A function exists at offset 100019B0 of bwocxrun.ocx. Inside this
function, there are 3 calls to strstr to check the contents of the user
specified command line. If “\setup.exe,” “\bwvbprt.exe,” or
“\bwvbprtl.exe” are contained in the command line (strstr returns
nonzero value), the command line passes validation and is then passed to
CreateProcessA.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 56.7%
CVSS Severity
CVSS v2 Score 7.5
References
Products affected by CVE-2014-0773
-
cpe:2.3:a:advantech:advantech_webaccess:5.0
-
cpe:2.3:a:advantech:advantech_webaccess:6.0
-
cpe:2.3:a:advantech:advantech_webaccess:7.0