CVE-2011-4039 Information

Description

Invensys Wonderware HMI Reports 3.42.835.0304 and earlier as used in Ocean Data Systems Dream Report before 4.0 and other products allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a \write access violation.\

Reference

http://secunia.com/advisories/47742 http://secunia.com/advisories/47933 http://www.us-cert.gov/control_systems/pdf/ICSA-12-024-01.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-039-01.pdf