CVE-2012-1831 PoC — WellinTech KingView Buffer Overflow Vulnerability

Source
Associated Vulnerability
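Title: WellinTech KingView Buffer Overflow Vulnerability (CVE-2012-1831)
Description: KingView (组态王) is an industrial configuration software suite from the Chinese company WellinTech. The software includes a stable data acquisition architecture and provides features such as import and export of device variables, wizard-based reports, and web publishing. WellinTech KingView version 6.53 contains a heap-based buffer overflow vulnerability. A remote attacker can exploit it to execute arbitrary code by sending a specially crafted packet to TCP port 555.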
Description
Proof Of Concept for the CVE-2012-1831 (Kingview Touchview 6.53)
Readme
# POC-CVE-2012-1831
Proof Of Concept for the CVE-2012-1831 (Kingview Touchview 6.53)

## Background on Kingview
KingView® is a powerful Windows-based industrial SCADA software for monitoring & controlling industrial processes. With over 25 years of development, it's now known for being the best selling automation software in the Chinese market and having a large user base internationally.

## CVE Description
CVE-2012-1831 is a heap-based buffer overflow in WellinTech KingView 6.53 that allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555.

CVSS: <span style="color: red;"><strong>10.0 (Critical)</strong></span>

## POC
Reporting in Progress...
File Snapshot

[4.0K] /data/pocs/74109e7c8fe0910f0025d41bbd978a6fbe1a0ba5
├── [109M] kingview6.53_EN.rar
└── [ 680] README.md

0 directories, 2 files