ZDI Disclosures | 3 Aug 2012 21:52

ZDI-12-133 : GE Proficy Historian ihDataArchiver.exe Multiple Opcode Parsing Remote Code Execution Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-12-133
August  3, 2012

-- CVE ID:
CVE-2012-0229

-- CVSS:
10, AV:N/AC:L/Au:N/C:C/I:C/A:C

-- Affected Vendors:
GE

-- Affected Products:
GE Proficy Historian ihDataArchiver

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of GE Proficy Historian. Authentication is not
required to exploit this vulnerability.

The specific flaw exists within the ihDataArchiver.exe process which
listens by default on TCP port 14000. Several errors are present in the
code responsible for parsing data from the network. By providing malformed
data for opcodes 6, 7, 8, 10, and 12 the process can be made to corrupt
memory which can lead to arbitrary code execution in the context of the
user running the service.
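The advisory gives the shape of the bug but not the wire format, so the following is an added illustration, not the Proficy Historian protocol and not ZDI's or GE's code. It assumes a hypothetical framing (one opcode byte, a little-endian 16-bit payload length, then payload) and reuses only the opcode numbers the advisory lists; everything else is constructed. It shows the classic pattern behind "malformed data for an opcode corrupts memory": a handler that trusts the length field from the network next to a hardened handler that checks that field against both the bytes actually received and the destination buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical framing used for this example only; NOT the real
 * ihDataArchiver wire format:
 *   byte 0     : opcode
 *   bytes 1..2 : payload length, little-endian
 *   bytes 3..  : payload
 */
#define HDR_LEN  3
#define NAME_BUF 64

enum { OK = 0, ERR_SHORT = -1, ERR_OPCODE = -2, ERR_LEN = -3 };

/* Opcode numbers taken from the advisory; what they mean is not known
 * here, so all of them are treated the same way. */
static int opcode_known(uint8_t op) {
    switch (op) {
    case 6: case 7: case 8: case 10: case 12: return 1;
    default: return 0;
    }
}

static uint16_t read_len(const uint8_t *msg) {
    return (uint16_t)(msg[1] | (msg[2] << 8));
}

/* VULNERABLE pattern: the attacker-controlled length drives memcpy.
 * len may exceed both NAME_BUF and the bytes actually received, and the
 * NUL write lands past the buffer when len == NAME_BUF. Shown for
 * contrast; main() and the tests never feed it malformed input. */
int handle_vulnerable(const uint8_t *msg, size_t msg_len) {
    char name[NAME_BUF];
    if (msg_len < HDR_LEN) return ERR_SHORT;
    if (!opcode_known(msg[0])) return ERR_OPCODE;
    uint16_t len = read_len(msg);
    memcpy(name, msg + HDR_LEN, len);   /* stack overflow if len > NAME_BUF */
    name[len] = '\0';
    return name[0] ? OK : OK;           /* keep 'name' live for the compiler */
}

/* HARDENED: reject lengths that exceed what was received or what fits. */
int handle_hardened(const uint8_t *msg, size_t msg_len, char *out, size_t out_sz) {
    if (msg_len < HDR_LEN) return ERR_SHORT;
    if (!opcode_known(msg[0])) return ERR_OPCODE;
    uint16_t len = read_len(msg);
    if ((size_t)len > msg_len - HDR_LEN) return ERR_LEN; /* claims more than sent */
    if ((size_t)len >= out_sz) return ERR_LEN;           /* no room for payload + NUL */
    memcpy(out, msg + HDR_LEN, len);
    out[len] = '\0';
    return OK;
}

/* Constructed sample frames (not captured traffic). */
static const uint8_t SAMPLE_GOOD[]     = { 6, 4, 0, 't', 'a', 'g', '1' };
static const uint8_t SAMPLE_OVERLONG[] = { 7, 0xFF, 0xFF, 'A', 'B', 'C', 'D' };
static const uint8_t SAMPLE_UNKNOWN[]  = { 99, 1, 0, 'x' };

/* Frame whose length matches the bytes sent but exceeds the destination. */
int demo_dest_overflow_rejected(void) {
    uint8_t msg[HDR_LEN + 200];
    char out[NAME_BUF];
    msg[0] = 8; msg[1] = 200; msg[2] = 0;
    memset(msg + HDR_LEN, 'A', 200);
    return handle_hardened(msg, sizeof msg, out, sizeof out);
}

int main(void) {
    char out[NAME_BUF];
    out[0] = '\0';
    printf("well-formed : %d (%s)\n",
           handle_hardened(SAMPLE_GOOD, sizeof SAMPLE_GOOD, out, sizeof out), out);
    printf("overlong    : %d\n",
           handle_hardened(SAMPLE_OVERLONG, sizeof SAMPLE_OVERLONG, out, sizeof out));
    printf("unknown op  : %d\n",
           handle_hardened(SAMPLE_UNKNOWN, sizeof SAMPLE_UNKNOWN, out, sizeof out));
    printf("dest too big: %d\n", demo_dest_overflow_rejected());
    printf("vulnerable, benign input: %d\n",
           handle_vulnerable(SAMPLE_GOOD, sizeof SAMPLE_GOOD));
    return 0;
}
```

The two checks in `handle_hardened` are independent and both are needed: the first stops the copy from reading past the received frame, the second stops it from writing past the destination. A parser that only validates the length against the socket read, or only against the buffer, still leaves one of the two corruptions reachable from the network.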
