Multiple General Electric (GE) Intelligent Platform products are prone to an overflow condition. The KeyHelp.ocx ActiveX control fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. When performing a boundary check on input, a remote attacker can potentially execute arbitrary code.

Currently, there are no known upgrades or patches to correct this vulnerability. It is possible to temporarily work around the flaw by implementing the following workaround: Remove the vulnerable ActiveX components. The vendor has provided a tool for this.

• CVE ID: 2012-2515 (see also: NVD)
• Secunia Advisory ID: 49728
• Related OSVDB ID: 83311
• Vendor Specific Advisory URL: http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14863
  http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14863/en_US/GEIP12-04%20Security%20Advisory%20-%20Proficy%20HTML%20Help.pdf
• Other Advisory URL: http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-02.pdf

• Not Available