Buffer overflow

2011-08-0521:55:00

PRIOn knowledge base

www.prio-n.com

8.4 High

AI Score

Confidence

Low

0.124 Low

EPSS

Percentile

95.4%

JSON

Multiple buffer overflows in the Provideo ActiveX controls allow remote attackers to execute arbitrary code via crafted input fields, as demonstrated by (1) a long strIp argument to the voice method in 2way.dll in the alarm 1.0.3.1 ActiveX control, (2) a network response to AXPlayer.ocx in the GMAXPlayer 2.0.8.2 ActiveX control, the (3) UserName or (4) Password parameter to AXPlayer.ocx in the GMAXPlayer 2.0.8.2 ActiveX control, (5) a long Id parameter to the GetString method in PAxPlayer.ocx in the PAxPlayer 3.0.0.9 ActiveX control, or (6) a long strAdr parameter to the ConnectIPCam method in PAxPlayer.ocx in the PAxPlayer 3.0.0.9 ActiveX control.

CPENameOperatorVersion
alarm_activex_controleq3.0.0.9
gmax_activex_controleq2.0.8.2
paxplayer_activex_controleq3.0.0.9

Name	Operator	Version
alarm_activex_control	eq	3.0.0.9
gmax_activex_control	eq	2.0.8.2
paxplayer_activex_control	eq	3.0.0.9

References

osvdb.org/74310

osvdb.org/74311

osvdb.org/74312

osvdb.org/74313

osvdb.org/74314

secunia.com/secunia_research/2011-56/

secunia.com/secunia_research/2011-57/

secunia.com/secunia_research/2011-58/

www.securityfocus.com/bid/48977