[FD] Advantech WebAccess 8.0, 3.4.3 multiple Remote Code Execution Vulnerabilities

Introduction ********************************************************************************* Using Advantech WebAccess SCADA Software we can remotely manage Industrial Control systems devices like RTU's, Generators, Motors etc. Attackers can execute code remotely by passing maliciously crafted string to ConvToSafeArray API in ASPVCOBJLib.AspDataDriven ActiveX. Operating System: Windows SP1 Affected Product: Advantech WebAccess 8.0, 3.4.3 Vulnerable Program: AspVCObj.dll CVE-2014-9208 ********************************************************************************* Proof of Concept (PoC) for "Advantech WebAccess AspVCObj ActiveX UpdateProject Overflow Remote Code Execution" *********************************************************************************