The Wonderware Archestra ConfigurationAccessComponent ActiveX control, which is marked “safe for scripting”, contains a stack-based buffer overflow vulnerability. The UnsubscribeData method of the IConfigurationAccess interface uses wcscpy() to copy its first parameter into a fixed-size local buffer. Attackers can exploit this vulnerability to overwrite arbitrary stack data and gain code execution.
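The copy pattern described above next to a length-checked replacement, as an added example that is not the vendor's code. The function names, the `NAME_CAP` size and the status codes are assumptions, since the advisory gives neither the real signature nor the buffer length.

```c
#include <stdio.h>
#include <wchar.h>

#define NAME_CAP 64  /* assumed size; the advisory does not give the real one */
enum { COPY_OK = 0, COPY_BAD_ARG = -1, COPY_TOO_LONG = -2 };

/* Pattern from the advisory, for contrast only (never called here):
   wcscpy() writes until the source terminator, whatever the destination size. */
int unsubscribe_unchecked(const wchar_t *name)
{
    wchar_t local[NAME_CAP];
    wcscpy(local, name);  /* writes past local[] once wcslen(name) >= NAME_CAP */
    return (int)wcslen(local);
}

/* Copy only if src plus its terminator fits; reject rather than truncate,
   so an oversize name cannot silently alias a shorter, valid one. */
static int copy_name_checked(wchar_t *dst, size_t cap, const wchar_t *src)
{
    if (dst == NULL || cap == 0 || src == NULL) return COPY_BAD_ARG;
    size_t n = 0;
    while (n < cap && src[n] != L'\0') n++;  /* scan reads at most cap elements */
    if (n == cap) { dst[0] = L'\0'; return COPY_TOO_LONG; }
    wmemcpy(dst, src, n + 1);  /* n + 1 <= cap: includes the terminator */
    return COPY_OK;
}

/* Hardened entry point: returns the accepted length or a negative status. */
int unsubscribe_checked(const wchar_t *name)
{
    wchar_t local[NAME_CAP];
    int rc = copy_name_checked(local, NAME_CAP, name);
    if (rc != COPY_OK) return rc;  /* caller fails the request */
    return (int)wcslen(local);     /* stand-in for the real unsubscribe work */
}

int main(void)
{
    wchar_t big[NAME_CAP + 1];     /* constructed oversize input */
    wmemset(big, L'A', NAME_CAP);
    big[NAME_CAP] = L'\0';
    printf("%d %d\n", unsubscribe_checked(L"Tag001"), unsubscribe_checked(big));
    return 0;
}
```

For a scriptable COM method the same check belongs at the interface boundary, so an oversize argument is refused before any stack buffer is touched.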
ADVISORIES | July 1, 2012