ID

VAR-200706-0390

CVE

CVE-2007-3488

TITLE

Sony Network Camera SNC-P5 SonySncP5View.OCX ActiveX Control Buffer Overflow Vulnerability

DESCRIPTION

Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method. The ActiveX Control for Sony SNC series network cameras is a software to monitor images over the network using a web browser. Failed exploit attempts likely result in denial-of-service conditions. ---------------------------------------------------------------------- Did you know? Our assessment and impact rating along with detailed information such as exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list? Click here to learn more about our commercial solutions: http://secunia.com/advisories/business_solutions/ Click here to trial our solutions: http://secunia.com/advisories/try_vi/ ---------------------------------------------------------------------- TITLE: Sony Network Camera ActiveX Control Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA33968 VERIFY ADVISORY: http://secunia.com/advisories/33968/ DESCRIPTION: A vulnerability has been reported in the Sony Network Camera ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error and can be exploited to cause a buffer overflow. Successful exploitation may allow execution of arbitrary code. Please see vendor advisory for a list of products and firmware versions that include the affected ActiveX control. SOLUTION: Update to a fixed version. See vendor advisory for more details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Sony: http://www.sony.jp/professional/News/info/pb20090223.html OTHER REFERENCES: JVN: http://jvn.jp/jp/JVN16767117/index.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

network

TYPE

Boundary Condition Error

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

str0ke is credited with the discovery of this issue.

SOURCES

LAST UPDATE DATE

2025-04-10T22:22:00.122000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE