Lucene search
Carsten Eiram, Risk Based SecurityZDI-14-397HistoryDec 04, 2014 - 12:00 a.m.
(0Day) 3S Pocketnet Tech VMS PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 GetONVIFDeviceInformation/GetONVIFProfiles/GetONVIFStreamUri Heap Buffer Overflow Remote Code Execution Vulnerability
2014-12-0400:00:00
Carsten Eiram, Risk Based Security
www.zerodayinitiative.com
9
EPSS
0.295
Percentile
96.9%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of 3S Pocketnet Tech VMS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 control. The GetONVIFDeviceInformation, GetONVIFProfiles, and GetONVIFStreamUri methods copy attacker provided strings into a fixed size heap buffer. An attacker could leverage this to execute arbitrary code in the context of the browser.
References
Related
zdi
zdi
(0Day) 3S Pocketnet Tech VMS PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 SetDisplayText Heap Buffer Overflow Remote Code Execution Vulnerability
2014-12-04 00:00:00
cve
cve
CVE-2014-9263
2014-12-08 16:59:05
prion
prion
Buffer overflow
2014-12-08 16:59:00
cvelist
cvelist
CVE-2014-9263
2014-12-08 16:00:00
nvd
nvd
CVE-2014-9263
2014-12-08 16:59:05