CVE-2011-4874

Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.9 UNKNOWN
ADJACENT_NETWORK
MEDIUM
AV:A/AC:M/Au:N/C:C/I:C/A:C
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
microsyspromotic
𝑥
≤ 8.1.6
microsyspromotic
8.0.0
microsyspromotic
8.0.1
microsyspromotic
8.0.2
microsyspromotic
8.0.3
microsyspromotic
8.0.4
microsyspromotic
8.0.5
microsyspromotic
8.0.6
microsyspromotic
8.0.7
microsyspromotic
8.0.8
microsyspromotic
8.0.9
microsyspromotic
8.0.10
microsyspromotic
8.0.11
microsyspromotic
8.0.12
microsyspromotic
8.0.13
microsyspromotic
8.1.0
microsyspromotic
8.1.1
microsyspromotic
8.1.2
microsyspromotic
8.1.3
microsyspromotic
8.1.4
microsyspromotic
8.1.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.promotic.eu/en/pmdoc/News.htm#ver80107
http://www.securityfocus.com/bid/52988
http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74846
http://www.promotic.eu/en/pmdoc/News.htm#ver80107
http://www.securityfocus.com/bid/52988
http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74846