Intrusion Prevention

Advantech.WebAccess.Datacore.Heap.Overflow

Description

This indicates an attempt to exploit a Heap Overflow vulnerability in Advantech WebAccess.
The vulnerability is caused by a bounds-checking error while calling the strcpy() function in datacore.exe. It allows remote attackers to execute arbitrary code by sending overly long strings within an RPC request.

Affected Products

Advantech WebAccess 8.1 and prior

Impact

System compromise: Remote code execution.

Recommended Actions

Currently we are unaware of any official fix for this issue.

CVE References

CVE-2016-0857