Stack overflow

2008-10-2819:20:00

PRIOn knowledge base

www.prio-n.com

8.8 High

AI Score

Confidence

Low

0.266 Low

EPSS

Percentile

96.8%

JSON

Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly other products, allows remote attackers to execute arbitrary code via a long Url property. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
vatctrl_classeq1.0.0.51
vatctrl_classeq1.0.0.27
mpeg4_shm_audio_controleq1.7.0.5
rtsp_mpeg4_sp_controleq2.0.0.39

Name	Operator	Version
vatctrl_class	eq	1.0.0.51
vatctrl_class	eq	1.0.0.27
mpeg4_shm_audio_control	eq	1.7.0.5
rtsp_mpeg4_sp_control	eq	2.0.0.39

References

osvdb.org/42378

osvdb.org/43007

secunia.com/advisories/29131

secunia.com/advisories/29145

secunia.com/advisories/29146

securityreason.com/securityalert/4517

www.securityfocus.com/bid/28010

www.vupen.com/english/advisories/2008/0685/references

www.vupen.com/english/advisories/2008/0686/references

www.vupen.com/english/advisories/2008/0687/references

exchange.xforce.ibmcloud.com/vulnerabilities/40863

exchange.xforce.ibmcloud.com/vulnerabilities/40864

exchange.xforce.ibmcloud.com/vulnerabilities/40867

www.exploit-db.com/exploits/5193