Critical

CVE-2011-3488 - Resource Management Errors vulnerability in Equis Metastock

Publication: 2011-09-16
Summary

Use-after-free vulnerability in Equis MetaStock 11 and earlier allows remote attackers to execute arbitrary code via a malformed (1) mwc chart, (2) mws chart, (3) mwt template, or (4) mwl layout.

Classification
CWE-399: Resource Management Errors

Risk level (CVSS 10)

Critical

10.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Equis Metastock 8.0
  • Equis Metastock 9.0
  • Equis Metastock 9.1
  • Equis Metastock 9.2
  • Equis Metastock 10.0
  • Equis Metastock 10.1
  • Equis Metastock 11.0