CVE-2011-3494
Last modified
CVE-2011-3494 is a vulnerability of currently unknown severity. WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.. EPSS estimates a 55.78% chance of exploitation in the next 30 days.
Description
WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Interactivedata | Esignal | <= 10.6.2425 |
| Interactivedata | Esignal | 10.6 |
References
- http://secunia.com/advisories/45966Vendor Advisory
- http://secunia.com/advisories/45966Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2011-3494?
How severe is CVE-2011-3494?
How do I fix CVE-2011-3494?
Are you affected by CVE-2011-3494?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST