Control Center PRO 6.2.9 - Local Stack Based BufferOverflow (SEH)

vendor:

Control Center PRO

by:

Samir sanchez garnica

7.5

CVSS

HIGH

Local Stack Based Buffer Overflow

Buffer Overflow

CWE

Product Name: Control Center PRO

Affected Version From: 6.2.2009

Affected Version To: 6.2.2009

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows 10 pro N and Windows XP SP3

2019

Control Center PRO 6.2.9 – Local Stack Based BufferOverflow (SEH)

There is a stack based buffer overflow vulnerability in Control Center PRO 6.2.9. When attempting to use the create user module, in the username field, copying a considerable amount of strings is not controlled by the software and leads to an overwrite of the SEH.

Mitigation:

Apply the latest patch or upgrade to a newer version of Control Center PRO.

Source

Control Center PRO 6.2.9 – Local Stack Based BufferOverflow (SEH)

Mitigation:

Exploit-DB raw data: