vulnerability announce CVE-2012-3015
Siemens SIMATIC STEP7, PCS7: code execution via DLL Preload
Synthesis of the vulnerability
An attacker can create a malicious DLL and invite the victim to open a SIMATIC STEP7 document in the same directory, in order to execute code.Impacted products:
BID-54651, CERTA-2012-AVI-402, CVE-2012-3015, SSA-110665, VIGILANCE-VUL-11792.
Description of the vulnerability
The Microsoft Office product loads a DLL when a file is opened.
However, the library is loaded insecurely. An attacker can thus use the VIGILANCE-VUL-9879 vulnerability to execute code.
An attacker can therefore create a malicious DLL and invite the victim to open a SIMATIC STEP7 document in the same directory, in order to execute code.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides a systems vulnerabilities bulletin
. The technology watch team tracks security threats targeting the computer system. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.