CVE-2011-2386 Information

Description

VisiWaveReport.exe in AZO Technologies Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to execute arbitrary code via a (1) vws and (2) vwr file with an invalid Type property which triggers an untrusted pointer dereference.

Reference

http://osvdb.org/72464 http://secunia.com/advisories/44636 http://www.exploit-db.com/exploits/17317 http://www.securityfocus.com/bid/47948 http://www.stratsec.net/Research/Advisories/VisiWave-Site-Survey-Report-Trusted-Pointer-28SS-20 http://www.visiwave.com/blog/index.php?/archives/4-Version-2.1.9-Released.html