CVE-2011-3488 - Resource Management Errors vulnerability in Equis Metastock

Publication

2011-09-16

Last modification

2012-06-28

Summary

Use-after-free vulnerability in Equis MetaStock 11 and earlier allows remote attackers to execute arbitrary code via a malformed (1) mwc chart, (2) mws chart, (3) mwt template, or (4) mwl layout.

Classification

CWE-399 - Resource Management Errors

Risk level (CVSS AV:N/AC:L/Au:N/C:C/I:C/A:C)

High

10.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Equis Metastock  9.1 , 9.0 , 11.0 , 10.0 , 8.0 , 10.1 , 9.2