Vulnerabilities (CVE)

Filtered by vendor Interactivedata Subscribe
Filtered by product Esignal
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-3494 1 Interactivedata 1 Esignal 2024-02-04 10.0 HIGH N/A
WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
CVE-2011-3503 1 Interactivedata 1 Esignal 2024-02-04 9.3 HIGH N/A
Untrusted search path vulnerability in eSignal 10.6.2425.1208, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse JRS_UT.dll that is located in the same folder as a .quo (QUOTE) file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.