DiViS-Web ActiveX控件AddSiteEx()方式堆溢出漏洞

BUGTRAQ ID: 34468 DiViS-Web是Chance-i视频监控系统所使用的基于WEB的控制软件。 DiViS-Web ActiveX控件（ActiveView.cab）没有正确地验证对AddSiteEx函数所传送的输入参数，如果用户受骗访问了恶意网页并向该参数传送了超长参数的话，就可以触发堆溢出，导致执行任意代码。 Chance-i DiViS-Web 3.0.0.7 临时解决方法： 为clsid 66F7F252-3FE1-4650-B1E5-94B2A38271C5设置kill-bit。 厂商补丁： Chance-i --------...

Chance-i DiViS-Web DVR System ActiveX Control Heap Overflow PoC

No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-09-035 original advisory: http://dsecrg.com/pages/vul/DSECRG-09-035.html Application: Chance-i DiViS-Web DVR System ActiveX control Versions Affected: 3,0,0,7 Vendor URL: http://www.chance-i.com/ Bug: Heap...

Chance-i DiViS-Web DVR System ActiveX Control Heap Overflow PoC

Exploit for unknown platform in category dos / poc =============================================================== Chance-i DiViS-Web DVR System ActiveX Control Heap Overflow PoC =============================================================== Digital Security Research Group DSecRG Advisory...

Chance-i DiViS-Web DVR System - ActiveX Control Heap Overflow (PoC)

Chance-i DiViS-Web DVR System - ActiveX Control Heap Overflow PoC Digital Security Research Group DSecRG Advisory DSECRG-09-035 original advisory: http://dsecrg.com/pages/vul/DSECRG-09-035.html Application: Chance-i DiViS-Web DVR System ActiveX control Versions Affected: 3,0,0,7 Vendor URL:...

Chance-i DiViS-Web DVR System - ActiveX Control Heap Overflow (PoC)

Digital Security Research Group DSecRG Advisory DSECRG-09-035 original advisory: http://dsecrg.com/pages/vul/DSECRG-09-035.html Application: Chance-i DiViS-Web DVR System ActiveX control Versions Affected: 3,0,0,7 Vendor URL: http://www.chance-i.com/ Bug: Heap Overflow Exploits: YES Reported:...