JVN#16767117 Buffer overflow vulnerability in ActiveX Control for Sony SNC series network cameras

The ActiveX Control for Sony SNC series network cameras is a software to monitor images over the network using a web browser. This ActiveX Control contains a heap-based buffer overflow vulnerability triggered by the improper processing of some configuration variables.

Impact

A remote attacker could execute arbitrary code.

Solution

Update the Software
Update to the latest version according to the information provided by the vendor.

Products Affected

Terminals where an ActiveX Control module is installed from the following systems:

• SNC-RZ25N prior to 1.30
• SNC-P1 prior to 1.29
• SNC-P5 prior to 1.29
• SNC-CS10 prior to 1.06
• SNC-CS11 prior to 1.06
• SNC-DF40N prior to 1.18
• SNC-DF70N prior to 1.18
• SNC-RZ50N prior to 2.22
• SNC-CS50N prior to 2.22
• SNC-DF85N prior to 1.12
• SNC-DF80N prior to 1.12
• SNC-DF50N prior to 1.12
• SNC-RX570N/W 3.00 or prior to 2.31
• SNC-RX570N/B 3.00 or prior to 2.31
• SNC-RX550N/W 3.00 or prior to 2.31
• SNC-RX550N/B 3.00 or prior to 2.31
• SNC-RX530N/W 3.00 or prior to 2.31
• SNC-RX530N/B 3.00 or prior to 2.31
• SNC-RZ25P prior to 1.30
• SNC-DF70P prior to 1.18
• SNC-DF40P prior to 1.18
• SNC-RZ50P prior to 2.22
• SNC-CS50P prior to 2.22
• SNC-DF85P prior to 1.12
• SNC-DF80P prior to 1.12
• SNC-DF50P prior to 1.12
• SNC-RX570P 3.00 or prior to 2.31
• SNC-RX550P 3.00 or prior to 2.31
• SNC-RX530P 3.00 or prior to 2.31