##################################################################################### Application: CYME Power Engineering Software Platforms: Windows Version: CYME version 5.0.12.663. Secunia: SA48430 {PRL}: 2012-29 Author: Francis Provencher (Protek Research Lab's) Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch ##################################################################################### 1) Introduction 2) Report Timeline 3) Technical details 4) The Code ##################################################################################### =============== 1) Introduction =============== The CYME Power Engineering software is a suite of applications composed of a network editor, analysis modules and user-customizable model libraries from which you can choose to get the most powerful solution. The modules available comprise a variety of advanced applications and extensive libraries for either transmission/industrial or distribution power network analysis. (http://www.cyme.com/software/) This software is use by all major electrical production/distrubtion company http://www.cyme.com/company/clients/ ##################################################################################### ============================ 2) Report Timeline ============================ 2012-03-14 Vulnerability reported to Secunia 2012-10-03 Publication of this advisory (180 Days) ##################################################################################### ============================ 3) Technical details ============================ The vulnerability is caused due to an indexing error in the "ShowPropertiesDialog()" method (ChartFX.ClientServer.Core.dll) of the ChartFX ActiveX Control. This can be exploited to write a single byte value to an arbitrary memory location via the "pageNumber" parameter. Successful exploitation may allow execution of arbitrary code. ##################################################################################### =========== 4) The Code ===========