VAR-201501-0414
Vulnerability from variot - Updated: 2025-04-12 23:22Multiple stack-based buffer overflows in Advantech AdamView 4.3 and earlier allow remote attackers to execute arbitrary code via a crafted (1) display properties or (2) conditional bitmap parameter in a GNI file. ADAMView is a data capture software. Advantech AdamView has multiple stack buffer overflow vulnerabilities because the application failed to properly border the user-supplied data before copying it into a full-size buffer. Allows an attacker to exploit these vulnerabilities to execute arbitrary code in the context of an application that is affected by an ActiveX control, typically Internet Explorer. Failed exploit attempts likely result in denial-of-service conditions. Advantech AdamView 4.3 is vulnerable; other versions may also be affected. The software provides features such as graphical panel configuration, modularity and priority task design. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/
Advantech AdamView Buffer Overflow
- Advisory Information
Title: Advantech AdamView Buffer Overflow Advisory ID: CORE-2014-0008 Advisory URL: http://www.coresecurity.com/advisories/advantech-adamView-buffer-overflow Date published: 2014-11-19 Date of last update: 2014-11-19 Vendors contacted: Advantech Release mode: User release
- Vulnerability Information
Class: Buffer overflow [CWE-119] Impact: Code execution Remotely Exploitable: No Locally Exploitable: Yes CVE Name: CVE-2014-8386
-
Advantech AdamView V4.3 .
-
Vendor Information, Solutions and Workarounds
The vendor informed us that the product is no longer supported and therefore no fix or update is going to be released.
Given that this is a client-side vulnerability, affected users should avoid opening untrusted '.gni' files. Core Security also recommends those affected use third party software such as Sentinel [3] or EMET [2] that could help to prevent the exploitation of affected systems to some extent.
-
Credits
This vulnerability was discovered and researched by Daniel Kazimirow and Fernando Paez from Core Security Exploit Writers Team. The publication of this advisory was coordinated by Joaqu\xedn Rodr\xedguez Varela from Core Advisories Team.
-
Below are shown the vulnerable fields, the debug information, and the stack state after being overwritten.
/-----
VULNERABLE FIELDS:
[+] display properties (BUG 1) 00475BA0 |. 53 PUSH EBX ; /<%s> 00475BA1 |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18] ; | 00475BA5 |. 68 F09C4B00 PUSH ADAMView.004B9CF0 ; |Format = "Display Designer: %s" 00475BAA |. 51 PUSH ECX ; |s 00475BAB |. 8BF0 MOV ESI,EAX ; | 00475BAD |. FF15 84FF4900 CALL DWORD PTR DS:[<&USER32.wsprintfA>] ; \wsprintfA
DEBUG:
EAX 00000000 ECX 00000001 EDX 00000000 EBX 00000003 ESP 0012F924 EBP 00000000 ESI 0012F9B4 EDI 00F39DC8 EIP CCCCCCCC <------------------------------------ C 0 ES 0023 32bit 0(FFFFFFFF) P 0 CS 001B 32bit 0(FFFFFFFF) A 0 SS 0023 32bit 0(FFFFFFFF) Z 0 DS 0023 32bit 0(FFFFFFFF) S 0 FS 003B 32bit 7FFDE000(FFF) T 0 GS 0000 NULL D 0 O 0 LastErr ERROR_SUCCESS (00000000) EFL 00010202 (NO,NB,NE,A,NS,PO,GE,G) ST0 empty ST1 empty ST2 empty ST3 empty ST4 empty ST5 empty ST6 empty ST7 empty 3 2 1 0 E S P U O Z D I FST 4000 Cond 1 0 0 0 Err 0 0 0 0 0 0 0 0 (EQ) FCW 027F Prec NEAR,53 Mask 1 1 1 1 1 1
STACK:
0012F958 CCCCCCCC \xcc\xcc\xcc\xcc 0012F95C CCCCCCCC \xcc\xcc\xcc\xcc 0012F960 CCCCCCCC \xcc\xcc\xcc\xcc 0012F964 CCCCCCCC \xcc\xcc\xcc\xcc 0012F968 CCCCCCCC \xcc\xcc\xcc\xcc 0012F96C CCCCCCCC \xcc\xcc\xcc\xcc 0012F970 CCCCCCCC \xcc\xcc\xcc\xcc 0012F974 CCCCCCCC \xcc\xcc\xcc\xcc 0012F978 CCCCCCCC \xcc\xcc\xcc\xcc 0012F97C CCCCCCCC \xcc\xcc\xcc\xcc Pointer to next SEH record 0012F980 0043304A J0C. SE handler <-------------- SEH CONTROLLED BY US (PPR) 0012F984 FFFFFFFF \xff\xff\xff\xff 0012F988 00485103 QH.
Below are shown the vulnerable fields, the debug information, and
the stack state after being overwritten.
/-----
VULNERABLE FIELDS:
[+] conditional bitmap > bitmap file map (is a path) (BUG 2)
00406E70 |. 55 |PUSH EBP ; /StringToAdd 00406E71 |. 51 |PUSH ECX ; |ConcatString 00406E72 |. FF15 A8F34900 |CALL DWORD PTR DS:[<&KERNEL32.lstrcatA>>; \lstrcatA
DEBUG:
EAX 00000000 ECX CCCCCCCC <--------------------- EAX EDX 73EA2608 MFC42.73EA2608 EBX 00F3C92E ASCII "BMP1" ESP 0012F884 EBP 0000099C ESI 0012F9B4 EDI 00F3C818 EIP CCCCCCCC <--------------------- C 0 ES 0023 32bit 0(FFFFFFFF) P 0 CS 001B 32bit 0(FFFFFFFF) A 0 SS 0023 32bit 0(FFFFFFFF) Z 0 DS 0023 32bit 0(FFFFFFFF) S 0 FS 003B 32bit 7FFDF000(FFF) T 0 GS 0000 NULL D 0 O 0 LastErr ERROR_PATH_NOT_FOUND (00000003) EFL 00010202 (NO,NB,NE,A,NS,PO,GE,G) ST0 empty ST1 empty ST2 empty ST3 empty ST4 empty ST5 empty ST6 empty ST7 empty 3 2 1 0 E S P U O Z D I FST 4000 Cond 1 0 0 0 Err 0 0 0 0 0 0 0 0 (EQ) FCW 027F Prec NEAR,53 Mask 1 1 1 1 1 1
STACK:
0012F884 CCCCCCCC 0012F888 CCCCCCCC 0012F88C CCCCCCCC 0012F890 CCCCCCCC 0012F894 CCCCCCCC 0012F898 CCCCCCCC 0012F89C CCCCCCCC 0012F8A0 7ACCCCCC 0012F8A4 CC004342 0012F8A8 CCCCCCCC 0012F8AC CCCCCCCC 0012F8B0 CCCCCCCC 0012F8B4 CCCCCCCC 0012F8B8 CCCCCCCC 0012F8BC CCCCCCCC 0012F8C0 CCCCCCCC 0012F8C4 CCCCCCCC
-----/
-
Report Timeline . 2014-10-01:
Initial notification sent to ICS-CERT informing of the vulnerability and requesting the vendor's contact information. 2014-10-01:
ICS-CERT informs that they will ask the vendor if they want to coordinate directly with us or if they prefer to have ICS-CERT mediate. They request the vulnerability report. 2014-10-01:
ICS-CERT informs that the vendor answered that they would like the ICS-CERT to mediate the coordination of the advisory. They requested again the vulnerability report. 2014-10-01:
We send the vulnerability detail, including technical description and a PoC. 2014-10-09:
We request a status update on the reported vulnerability. 2014-10-20:
ICS-CERT informs that the vendor is still reviewing the vulnerability. 2014-10-27:
ICS-CERT informs us that the vendor is no longer supporting ADAMView, and therefore they will not fix it. 2014-11-13:
We inform them that we will publish this advisory as user release on Wednesday 19th of November. 2014-11-19:
Advisory CORE-2014-0008 published.
-
References
[1] http://www.advantech.com/products/1-39JG4I/ADAMVIEW/mod_328DB466-4B81-4652-B8AF-F5568F24A103.aspx. [2] http://support.microsoft.com/kb/2458544. [3] https://github.com/CoreSecurity/sentinel.
-
About CoreLabs
CoreLabs, the research center of Core Security, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com.
-
About Core Security
Core Security enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations.
Core Security's software solutions build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com.
-
Disclaimer
The contents of this advisory are copyright (c) 2014 Core Security and (c) 2014 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/
-
PGP/GPG Keys
This advisory has been signed with the GPG key of Core Security advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0414",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "adamview",
"scope": "lte",
"trust": 1.8,
"vendor": "advantech",
"version": "4.3"
},
{
"model": "adamview",
"scope": "eq",
"trust": 1.2,
"vendor": "advantech",
"version": "4.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "adamview",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a8aaedc6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-08422"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007741"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-405"
},
{
"db": "NVD",
"id": "CVE-2014-8386"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:advantech:adamview",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007741"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CORE Advisories Team",
"sources": [
{
"db": "BID",
"id": "71191"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-405"
}
],
"trust": 0.9
},
"cve": "CVE-2014-8386",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-8386",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-08422",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "a8aaedc6-2351-11e6-abef-000c29c66e3d",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-76331",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-8386",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-8386",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-08422",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-405",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a8aaedc6-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-76331",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a8aaedc6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-08422"
},
{
"db": "VULHUB",
"id": "VHN-76331"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007741"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-405"
},
{
"db": "NVD",
"id": "CVE-2014-8386"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple stack-based buffer overflows in Advantech AdamView 4.3 and earlier allow remote attackers to execute arbitrary code via a crafted (1) display properties or (2) conditional bitmap parameter in a GNI file. ADAMView is a data capture software. Advantech AdamView has multiple stack buffer overflow vulnerabilities because the application failed to properly border the user-supplied data before copying it into a full-size buffer. Allows an attacker to exploit these vulnerabilities to execute arbitrary code in the context of an application that is affected by an ActiveX control, typically Internet Explorer. Failed exploit attempts likely result in denial-of-service conditions. \nAdvantech AdamView 4.3 is vulnerable; other versions may also be affected. The software provides features such as graphical panel configuration, modularity and priority task design. Core Security - Corelabs Advisory\nhttp://corelabs.coresecurity.com/\n\nAdvantech AdamView Buffer Overflow\n\n\n1. *Advisory Information*\n\nTitle: Advantech AdamView Buffer Overflow\nAdvisory ID: CORE-2014-0008\nAdvisory URL:\nhttp://www.coresecurity.com/advisories/advantech-adamView-buffer-overflow\nDate published: 2014-11-19\nDate of last update: 2014-11-19\nVendors contacted: Advantech\nRelease mode: User release\n\n\n2. *Vulnerability Information*\n\nClass: Buffer overflow [CWE-119]\nImpact: Code execution\nRemotely Exploitable: No\nLocally Exploitable: Yes\nCVE Name: CVE-2014-8386\n\n\n3. \n\n \n4. Advantech AdamView V4.3\n . \n\n5. *Vendor Information, Solutions and Workarounds*\n\n The vendor informed us that the product is no longer supported and\ntherefore no fix or update is going to be released. \n \n Given that this is a client-side vulnerability, affected users\nshould avoid opening untrusted \u0027.gni\u0027 files. Core Security also\nrecommends those affected use third party software such as Sentinel [3]\nor EMET [2] that could help to prevent the exploitation of affected\nsystems to some extent. \n\n \n6. *Credits*\n\n This vulnerability was discovered and researched by Daniel Kazimirow\nand Fernando Paez from Core Security Exploit Writers Team. The\npublication of this advisory was coordinated by Joaqu\\xedn Rodr\\xedguez Varela\nfrom Core Advisories Team. \n\n \n\n7. \n \n Below are shown the vulnerable fields, the debug information, and\nthe stack state after being overwritten. \n\n \n/-----\n \nVULNERABLE FIELDS:\n\n[+] display properties (BUG 1)\n00475BA0 |. 53 PUSH EBX ; /\u003c%s\u003e\n00475BA1 |. 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+18] ; |\n00475BA5 |. 68 F09C4B00 PUSH ADAMView.004B9CF0 ;\n|Format = \"Display Designer: %s\"\n00475BAA |. 51 PUSH ECX ; |s\n00475BAB |. 8BF0 MOV ESI,EAX ; |\n00475BAD |. FF15 84FF4900 CALL DWORD PTR DS:[\u003c\u0026USER32.wsprintfA\u003e] ;\n\\wsprintfA\n\nDEBUG:\n\nEAX 00000000\nECX 00000001\nEDX 00000000\nEBX 00000003\nESP 0012F924\nEBP 00000000\nESI 0012F9B4\nEDI 00F39DC8\nEIP CCCCCCCC \u003c------------------------------------\nC 0 ES 0023 32bit 0(FFFFFFFF)\nP 0 CS 001B 32bit 0(FFFFFFFF)\nA 0 SS 0023 32bit 0(FFFFFFFF)\nZ 0 DS 0023 32bit 0(FFFFFFFF)\nS 0 FS 003B 32bit 7FFDE000(FFF)\nT 0 GS 0000 NULL\nD 0\nO 0 LastErr ERROR_SUCCESS (00000000)\nEFL 00010202 (NO,NB,NE,A,NS,PO,GE,G)\nST0 empty\nST1 empty\nST2 empty\nST3 empty\nST4 empty\nST5 empty\nST6 empty\nST7 empty\n 3 2 1 0 E S P U O Z D I\nFST 4000 Cond 1 0 0 0 Err 0 0 0 0 0 0 0 0 (EQ)\nFCW 027F Prec NEAR,53 Mask 1 1 1 1 1 1\n\nSTACK:\n\n0012F958 CCCCCCCC \\xcc\\xcc\\xcc\\xcc\n0012F95C CCCCCCCC \\xcc\\xcc\\xcc\\xcc\n0012F960 CCCCCCCC \\xcc\\xcc\\xcc\\xcc\n0012F964 CCCCCCCC \\xcc\\xcc\\xcc\\xcc\n0012F968 CCCCCCCC \\xcc\\xcc\\xcc\\xcc\n0012F96C CCCCCCCC \\xcc\\xcc\\xcc\\xcc\n0012F970 CCCCCCCC \\xcc\\xcc\\xcc\\xcc\n0012F974 CCCCCCCC \\xcc\\xcc\\xcc\\xcc\n0012F978 CCCCCCCC \\xcc\\xcc\\xcc\\xcc\n0012F97C CCCCCCCC \\xcc\\xcc\\xcc\\xcc Pointer to next SEH record\n0012F980 0043304A J0C. SE handler \u003c-------------- SEH CONTROLLED\nBY US (PPR)\n0012F984 FFFFFFFF \\xff\\xff\\xff\\xff\n0012F988 00485103 QH. \n \n Below are shown the vulnerable fields, the debug information, and\nthe stack state after being overwritten. \n\n \n/-----\n \nVULNERABLE FIELDS:\n\n[+] conditional bitmap \u003e bitmap file map (is a path) (BUG 2)\n\n00406E70 |. 55 |PUSH EBP ;\n/StringToAdd\n00406E71 |. 51 |PUSH ECX ;\n|ConcatString\n00406E72 |. FF15 A8F34900 |CALL DWORD PTR DS:[\u003c\u0026KERNEL32.lstrcatA\u003e\u003e;\n\\lstrcatA\n\n\nDEBUG:\n\nEAX 00000000\nECX CCCCCCCC \u003c--------------------- EAX\nEDX 73EA2608 MFC42.73EA2608\nEBX 00F3C92E ASCII \"BMP1\"\nESP 0012F884\nEBP 0000099C\nESI 0012F9B4\nEDI 00F3C818\nEIP CCCCCCCC \u003c---------------------\nC 0 ES 0023 32bit 0(FFFFFFFF)\nP 0 CS 001B 32bit 0(FFFFFFFF)\nA 0 SS 0023 32bit 0(FFFFFFFF)\nZ 0 DS 0023 32bit 0(FFFFFFFF)\nS 0 FS 003B 32bit 7FFDF000(FFF)\nT 0 GS 0000 NULL\nD 0\nO 0 LastErr ERROR_PATH_NOT_FOUND (00000003)\nEFL 00010202 (NO,NB,NE,A,NS,PO,GE,G)\nST0 empty\nST1 empty\nST2 empty\nST3 empty\nST4 empty\nST5 empty\nST6 empty\nST7 empty\n 3 2 1 0 E S P U O Z D I\nFST 4000 Cond 1 0 0 0 Err 0 0 0 0 0 0 0 0 (EQ)\nFCW 027F Prec NEAR,53 Mask 1 1 1 1 1 1\n\nSTACK:\n\n0012F884 CCCCCCCC\n0012F888 CCCCCCCC\n0012F88C CCCCCCCC\n0012F890 CCCCCCCC\n0012F894 CCCCCCCC\n0012F898 CCCCCCCC\n0012F89C CCCCCCCC\n0012F8A0 7ACCCCCC\n0012F8A4 CC004342\n0012F8A8 CCCCCCCC\n0012F8AC CCCCCCCC\n0012F8B0 CCCCCCCC\n0012F8B4 CCCCCCCC\n0012F8B8 CCCCCCCC\n0012F8BC CCCCCCCC\n0012F8C0 CCCCCCCC\n0012F8C4 CCCCCCCC\n\n-----/\n\n\n8. *Report Timeline*\n. 2014-10-01:\n\n Initial notification sent to ICS-CERT informing of the vulnerability\nand requesting the vendor\u0027s contact information. 2014-10-01:\n\n ICS-CERT informs that they will ask the vendor if they want to\ncoordinate directly with us or if they prefer to have ICS-CERT mediate. \nThey request the vulnerability report. 2014-10-01:\n\n ICS-CERT informs that the vendor answered that they would like the\nICS-CERT to mediate the coordination of the advisory. They requested\nagain the vulnerability report. 2014-10-01:\n\n We send the vulnerability detail, including technical description\nand a PoC. 2014-10-09:\n\n We request a status update on the reported vulnerability. 2014-10-20:\n\n ICS-CERT informs that the vendor is still reviewing the vulnerability. 2014-10-27:\n\n ICS-CERT informs us that the vendor is no longer supporting\nADAMView, and therefore they will not fix it. 2014-11-13:\n\n We inform them that we will publish this advisory as user release on\nWednesday 19th of November. 2014-11-19:\n\n Advisory CORE-2014-0008 published. \n\n\n9. *References*\n\n[1]\nhttp://www.advantech.com/products/1-39JG4I/ADAMVIEW/mod_328DB466-4B81-4652-B8AF-F5568F24A103.aspx. \n[2] http://support.microsoft.com/kb/2458544. \n[3] https://github.com/CoreSecurity/sentinel. \n\n\n10. *About CoreLabs*\n\n CoreLabs, the research center of Core Security, is charged with\nanticipating the future needs and requirements for information security\ntechnologies. We conduct our research in several important areas of\ncomputer security including system vulnerabilities, cyber attack\nplanning and simulation, source code auditing, and cryptography. Our\nresults include problem formalization, identification of\nvulnerabilities, novel solutions and prototypes for new technologies. \nCoreLabs regularly publishes security advisories, technical papers,\nproject information and shared software tools for public use at:\nhttp://corelabs.coresecurity.com. \n\n \n11. *About Core Security*\n\n Core Security enables organizations to get ahead of threats with\nsecurity test and measurement solutions that continuously identify and\ndemonstrate real-world exposures to their most critical assets. Our\ncustomers can gain real visibility into their security standing, real\nvalidation of their security controls, and real metrics to more\neffectively secure their organizations. \n\n Core Security\u0027s software solutions build on over a decade of trusted\nresearch and leading-edge threat expertise from the company\u0027s Security\nConsulting Services, CoreLabs and Engineering groups. Core Security can\nbe reached at +1 (617) 399-6980 or on the Web at:\nhttp://www.coresecurity.com. \n\n\n12. *Disclaimer*\n\n The contents of this advisory are copyright (c) 2014 Core Security\nand (c) 2014 CoreLabs, and are licensed under a Creative Commons\nAttribution Non-Commercial Share-Alike 3.0 (United States) License:\nhttp://creativecommons.org/licenses/by-nc-sa/3.0/us/\n\n\n13. *PGP/GPG Keys*\n\n This advisory has been signed with the GPG key of Core Security\nadvisories team, which is available for download at\nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8386"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007741"
},
{
"db": "CNVD",
"id": "CNVD-2014-08422"
},
{
"db": "BID",
"id": "71191"
},
{
"db": "IVD",
"id": "a8aaedc6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-76331"
},
{
"db": "PACKETSTORM",
"id": "129184"
}
],
"trust": 2.79
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-76331",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76331"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8386",
"trust": 3.7
},
{
"db": "EXPLOIT-DB",
"id": "35503",
"trust": 1.7
},
{
"db": "BID",
"id": "71191",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-201411-405",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-08422",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007741",
"trust": 0.8
},
{
"db": "IVD",
"id": "A8AAEDC6-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "129184",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "132546",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-76331",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a8aaedc6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-08422"
},
{
"db": "VULHUB",
"id": "VHN-76331"
},
{
"db": "BID",
"id": "71191"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007741"
},
{
"db": "PACKETSTORM",
"id": "129184"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-405"
},
{
"db": "NVD",
"id": "CVE-2014-8386"
}
]
},
"id": "VAR-201501-0414",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a8aaedc6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-08422"
},
{
"db": "VULHUB",
"id": "VHN-76331"
}
],
"trust": 1.525
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a8aaedc6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-08422"
}
]
},
"last_update_date": "2025-04-12T23:22:20.505000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ADAMView",
"trust": 0.8,
"url": "http://www.advantech.co.jp/products/1-39JG4I/ADAMVIEW/mod_328DB466-4B81-4652-B8AF-F5568F24A103.aspx"
},
{
"title": "Advantech AdamView has multiple patches for stack buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/52044"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08422"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007741"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76331"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007741"
},
{
"db": "NVD",
"id": "CVE-2014-8386"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.coresecurity.com/advisories/advantech-adamview-buffer-overflow"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/35503"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2014/nov/57"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/71191"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8386"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8386"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/kb/240797"
},
{
"trust": 0.1,
"url": "https://github.com/coresecurity/sentinel."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8386"
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/files/attachments/core_security_advisories.asc."
},
{
"trust": 0.1,
"url": "http://corelabs.coresecurity.com/"
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com."
},
{
"trust": 0.1,
"url": "http://support.microsoft.com/kb/2458544."
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-nc-sa/3.0/us/"
},
{
"trust": 0.1,
"url": "http://www.advantech.com/products/1-39jg4i/adamview/mod_328db466-4b81-4652-b8af-f5568f24a103.aspx."
},
{
"trust": 0.1,
"url": "http://corelabs.coresecurity.com."
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08422"
},
{
"db": "VULHUB",
"id": "VHN-76331"
},
{
"db": "BID",
"id": "71191"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007741"
},
{
"db": "PACKETSTORM",
"id": "129184"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-405"
},
{
"db": "NVD",
"id": "CVE-2014-8386"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a8aaedc6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-08422"
},
{
"db": "VULHUB",
"id": "VHN-76331"
},
{
"db": "BID",
"id": "71191"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007741"
},
{
"db": "PACKETSTORM",
"id": "129184"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-405"
},
{
"db": "NVD",
"id": "CVE-2014-8386"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-21T00:00:00",
"db": "IVD",
"id": "a8aaedc6-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08422"
},
{
"date": "2015-01-20T00:00:00",
"db": "VULHUB",
"id": "VHN-76331"
},
{
"date": "2014-11-19T00:00:00",
"db": "BID",
"id": "71191"
},
{
"date": "2015-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007741"
},
{
"date": "2014-11-20T16:23:32",
"db": "PACKETSTORM",
"id": "129184"
},
{
"date": "2014-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-405"
},
{
"date": "2015-01-20T15:59:00.047000",
"db": "NVD",
"id": "CVE-2014-8386"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08422"
},
{
"date": "2015-01-21T00:00:00",
"db": "VULHUB",
"id": "VHN-76331"
},
{
"date": "2015-07-15T00:14:00",
"db": "BID",
"id": "71191"
},
{
"date": "2015-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007741"
},
{
"date": "2015-01-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-405"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-8386"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-405"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech AdamView Vulnerable to stack-based buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007741"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "a8aaedc6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-405"
}
],
"trust": 0.8
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.