|CVSS SCORE||7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)|
|TREND MICRO CUSTOMER PROTECTION||Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 13967. For further product information on the TippingPoint IPS: http://www.tippingpoint.com|
The specific flaw exists within the WESPMonitor.WESPMonitorCtrl.1 ActiveX control. By providing an invalid IP address to the Connect() method and forcing a page reload, an attacker can cause a pointer to be referenced after it has been freed. An attacker could use this to execute arbitrary code in the context of the browser.
02/10/2014 - ZDI sent email to vendor requesting contact for disclosure
|CREDIT||Dave Weinstein of HP's Zero Day Initaitive