CVE-2014-0773 Information

Description

The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe (2) bwvbprt.exe and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument as demonstrated by a UNC share pathname.

Reference

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03