
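Advantech WebAccess: 10 0-day vulnerabilities disclosed, all remote code execution

All ten have a CVSS score of 7.5. According to public information, the vendor and the US ICS-CERT have both received and confirmed these reports.

ZDI-17-567: (0Day) Advantech WebAccess nva1media connect mediausername stack-based buffer overflow remote code execution vulnerability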

http://www.zerodayinitiative.com/advisories/zdi-17-567/

Mitigation:

The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\e19e79ec-f62e-40a0-952d-e49aec7bec2f

If the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.

For more information, please see: http://support.microsoft.com/kb/240797

ZDI-17-566: (0Day) Advantech WebAccess nva1media devicetype 3 stack-based buffer overflow remote code execution vulnerability

http://www.zerodayinitiative.com/advisories/zdi-17-566/

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\7e19e79ec-f62e-40a0-952d-e49aec7bec2f

ZDI-17-565: (0Day) Advantech WebAccess nva1media connect mediapassword stack-based buffer overflow remote code execution vulnerability

http://www.zerodayinitiative.com/advisories/zdi-17-565/

ZDI-17-564: (0Day) Advantech WebAccess rtspvapgdecodernew2 pmsettingdata3d name heap-based buffer overflow remote code execution vulnerability

http://www.zerodayinitiative.com/advisories/zdi-17-564/

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\73888e2b-ff04-416c-8847-984d7fc4507f

ZDI-17-563: (0Day) Advantech WebAccess rtspvapgdecodernew2 setlangstringhex out-of-bounds access remote code execution vulnerability

http://www.zerodayinitiative.com/advisories/zdi-17-563/

ZDI-17-562: (0Day) Advantech WebAccess rtspvapgdecodernew2 pmsettingdata3d height stack-based buffer overflow remote code execution vulnerability

http://www.zerodayinitiative.com/advisories/zdi-17-562/

ZDI-17-561: (0Day) Advantech WebAccess tpmegajvt setcameraname buffer overflow remote code execution vulnerability

http://www.zerodayinitiative.com/advisories/zdi-17-561/

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\bf28239a-3823-40ff-bc02-2da4d9dbb1ee

ZDI-17-560: (0Day) Advantech WebAccess rtspvapgdecodernew2 setpaybackfilepath stack-based buffer overflow remote code execution vulnerability

http://www.zerodayinitiative.com/advisories/zdi-17-560/

ZDI-17-559: (0Day) Advantech WebAccess tpmegajvt createstream heap-based buffer overflow remote code execution vulnerability

http://www.zerodayinitiative.com/advisories/zdi-17-559/

ZDI-17-558: (0Day) Advantech WebAccess rtspvapgdecodernew2 pmsettingdata3d width stack-based buffer overflow remote code execution vulnerability

http://www.zerodayinitiative.com/advisories/zdi-17-558/
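The killbit mitigation quoted above, applied to the control CLSIDs listed on this page, as an added PowerShell example (not from the original article or the ZDI advisories). It assumes the registry key names are the CLSIDs wrapped in braces, and it also covers the WOW6432Node view used by 32-bit Internet Explorer on 64-bit Windows. The value printed under ZDI-17-566 is not a valid GUID as it appears here, so it is left out.

```powershell
# Added example: audit and set the IE killbit (Compatibility Flags 0x400)
# for the ActiveX CLSIDs listed on this page. Run from an elevated prompt.
param([switch]$Apply)   # without -Apply the script only reports

$KillBit = 0x00000400
# CLSIDs copied from the registry paths on this page. The braces are an
# assumption: key names under "ActiveX Compatibility" are brace-wrapped CLSIDs.
$Clsids = @(
    '{e19e79ec-f62e-40a0-952d-e49aec7bec2f}',
    '{73888e2b-ff04-416c-8847-984d7fc4507f}',
    '{bf28239a-3823-40ff-bc02-2da4d9dbb1ee}'
)
# Native registry view plus the 32-bit view (32-bit IE on 64-bit Windows).
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

$results = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # e.g. 32-bit OS
    foreach ($clsid in $Clsids) {
        $key = Join-Path $root $clsid
        $current = 0
        if (Test-Path -LiteralPath $key) {
            $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue
            if ($prop) { $current = [int]$prop.'Compatibility Flags' }
        }
        $isSet = ($current -band $KillBit) -ne 0
        if ($Apply -and -not $isSet) {
            if (-not (Test-Path -LiteralPath $key)) {
                New-Item -Path $key -Force | Out-Null
            }
            # OR the bit in so that any flags already present are preserved.
            $new = $current -bor $KillBit
            New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                -PropertyType DWord -Value $new -Force | Out-Null
            $current = $new
            $isSet = $true
        }
        [pscustomobject]@{
            Key = $key; Flags = ('0x{0:X8}' -f $current); KillBitSet = $isSet
        }
    }
}
$results | Format-Table -AutoSize
```

Run it once without `-Apply` to see which hosts still allow the controls, then again with `-Apply`; any row that still shows `KillBitSet` as `False` afterwards needs a manual check.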

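Original publication date: August 8, 2017

This article was published by: zeroday. Copyright belongs to the original author.

Original link: http://toutiao.secjia.com/advantech-webaccess-10-0day

This article comes from 安全加, a partner of the Yunqi Community (雲栖社群). For related information, follow the 安全加 website.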
