ID

VAR-200706-0390


CVE

CVE-2007-3488


TITLE

Sony Network Camera SNC-P5 SonySncP5View.OCX ActiveX Control Buffer Overflow Vulnerability

Trust: 0.9

sources: BID: 24684 // CNNVD: CNNVD-200706-528

DESCRIPTION

Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method. The ActiveX control for Sony SNC series network cameras is software for monitoring images over the network using a web browser. Failed exploit attempts likely result in denial-of-service conditions.

TITLE: Sony Network Camera ActiveX Control Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA33968

VERIFY ADVISORY: http://secunia.com/advisories/33968/

DESCRIPTION: A vulnerability has been reported in the Sony Network Camera ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error and can be exploited to cause a buffer overflow. Successful exploitation may allow execution of arbitrary code. Please see vendor advisory for a list of products and firmware versions that include the affected ActiveX control.

SOLUTION: Update to a fixed version. See vendor advisory for more details.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: Sony: http://www.sony.jp/professional/News/info/pb20090223.html

OTHER REFERENCES: JVN: http://jvn.jp/jp/JVN16767117/index.html

Trust: 2.34

sources: NVD: CVE-2007-3488 // JVNDB: JVNDB-2009-000012 // BID: 33876 // BID: 24684 // VULHUB: VHN-26850 // PACKETSTORM: 75135

AFFECTED PRODUCTS

vendor: sony | model: network camera snc-p5 | scope: eq | version: 1.0

Trust: 2.2

vendor: sony | model: snc-cs10 | scope: eq | version: prior to 1.06

Trust: 0.8

vendor: sony | model: snc-cs11 | scope: eq | version: prior to 1.06

Trust: 0.8

vendor: sony | model: snc-cs50n | scope: eq | version: prior to 2.22

Trust: 0.8

vendor: sony | model: snc-cs50p | scope: eq | version: prior to 2.22

Trust: 0.8

vendor: sony | model: snc-df40n | scope: eq | version: prior to 1.18

Trust: 0.8

vendor: sony | model: snc-df40p | scope: eq | version: prior to 1.18

Trust: 0.8

vendor: sony | model: snc-df50n | scope: eq | version: prior to 1.12

Trust: 0.8

vendor: sony | model: snc-df50p | scope: eq | version: prior to 1.12

Trust: 0.8

vendor: sony | model: snc-df70n | scope: eq | version: prior to 1.18

Trust: 0.8

vendor: sony | model: snc-df70p | scope: eq | version: prior to 1.18

Trust: 0.8

vendor: sony | model: snc-df80n | scope: eq | version: prior to 1.12

Trust: 0.8

vendor: sony | model: snc-df80p | scope: eq | version: prior to 1.12

Trust: 0.8

vendor: sony | model: snc-df85n | scope: eq | version: prior to 1.12

Trust: 0.8

vendor: sony | model: snc-df85p | scope: eq | version: prior to 1.12

Trust: 0.8

vendor: sony | model: snc-p1 | scope: eq | version: prior to 1.29

Trust: 0.8

vendor: sony | model: snc-p5 | scope: eq | version: prior to 1.29

Trust: 0.8

vendor: sony | model: snc-rx530n | scope: eq | version: (b) 3.00 or prior to 2.31

Trust: 0.8

vendor: sony | model: snc-rx530n | scope: eq | version: (w) 3.00 or prior to 2.31

Trust: 0.8

vendor: sony | model: snc-rx530p | scope: eq | version: 3.00 or prior to 2.31

Trust: 0.8

vendor: sony | model: snc-rx550n | scope: eq | version: (b) 3.00 or prior to 2.31

Trust: 0.8

vendor: sony | model: snc-rx550n | scope: eq | version: (w) 3.00 or prior to 2.31

Trust: 0.8

vendor: sony | model: snc-rx550p | scope: eq | version: 3.00 or prior to 2.31

Trust: 0.8

vendor: sony | model: snc-rx570n | scope: eq | version: (b) 3.00 or prior to 2.31

Trust: 0.8

vendor: sony | model: snc-rx570n | scope: eq | version: (w) 3.00 or prior to 2.31

Trust: 0.8

vendor: sony | model: snc-rx570p | scope: eq | version: 3.00 or prior to 2.31

Trust: 0.8

vendor: sony | model: snc-rz25n | scope: eq | version: prior to 1.30

Trust: 0.8

vendor: sony | model: snc-rz25p | scope: eq | version: prior to 1.30

Trust: 0.8

vendor: sony | model: snc-rz50n | scope: eq | version: prior to 2.22

Trust: 0.8

vendor: sony | model: snc-rz50p | scope: eq | version: prior to 2.22

Trust: 0.8

vendor: sony | model: network camera snc-rz50n | scope: eq | version: 2.21

Trust: 0.3

vendor: sony | model: network camera snc-rz25n | scope: eq | version: 1.29

Trust: 0.3

vendor: sony | model: network camera snc-rx570n/w | scope: eq | version: 3.0

Trust: 0.3

vendor: sony | model: network camera snc-rx570n/w | scope: eq | version: 2.30

Trust: 0.3

vendor: sony | model: network camera snc-rx570n/b | scope: eq | version: 3.0

Trust: 0.3

vendor: sony | model: network camera snc-rx570n/b | scope: eq | version: 2.30

Trust: 0.3

vendor: sony | model: network camera snc-rx550n/w | scope: eq | version: 3.0

Trust: 0.3

vendor: sony | model: network camera snc-rx550n/w | scope: eq | version: 2.30

Trust: 0.3

vendor: sony | model: network camera snc-rx550n/b | scope: eq | version: 3.0

Trust: 0.3

vendor: sony | model: network camera snc-rx550n/b | scope: eq | version: 2.30

Trust: 0.3

vendor: sony | model: network camera snc-rx530n/w | scope: eq | version: 3.0

Trust: 0.3

vendor: sony | model: network camera snc-rx530n/w | scope: eq | version: 2.30

Trust: 0.3

vendor: sony | model: network camera snc-rx530n/b | scope: eq | version: 3.0

Trust: 0.3

vendor: sony | model: network camera snc-rx530n/b | scope: eq | version: 2.30

Trust: 0.3

vendor: sony | model: network camera snc-p5 | scope: eq | version: 1.28

Trust: 0.3

vendor: sony | model: network camera snc-p1 | scope: eq | version: 1.28

Trust: 0.3

vendor: sony | model: network camera snc-df85n | scope: eq | version: 1.11

Trust: 0.3

vendor: sony | model: network camera snc-df80n | scope: eq | version: 1.11

Trust: 0.3

vendor: sony | model: network camera snc-df70n | scope: eq | version: 1.17

Trust: 0.3

vendor: sony | model: network camera snc-df50n | scope: eq | version: 1.11

Trust: 0.3

vendor: sony | model: network camera snc-df40n | scope: eq | version: 1.17

Trust: 0.3

vendor: sony | model: network camera snc-cs50n | scope: eq | version: 2.21

Trust: 0.3

vendor: sony | model: network camera snc-cs11 | scope: eq | version: 1.05

Trust: 0.3

vendor: sony | model: network camera snc-cs10 | scope: eq | version: 1.05

Trust: 0.3

vendor: sony | model: network camera snc-rz50n | scope: ne | version: 2.22

Trust: 0.3

vendor: sony | model: network camera snc-rz25n | scope: ne | version: 1.30

Trust: 0.3

vendor: sony | model: network camera snc-rx570n/w | scope: ne | version: 3.01

Trust: 0.3

vendor: sony | model: network camera snc-rx570n/w | scope: ne | version: 2.31

Trust: 0.3

vendor: sony | model: network camera snc-rx570n/b | scope: ne | version: 3.01

Trust: 0.3

vendor: sony | model: network camera snc-rx570n/b | scope: ne | version: 2.31

Trust: 0.3

vendor: sony | model: network camera snc-rx550n/w | scope: ne | version: 3.01

Trust: 0.3

vendor: sony | model: network camera snc-rx550n/w | scope: ne | version: 2.31

Trust: 0.3

vendor: sony | model: network camera snc-rx550n/b | scope: ne | version: 3.01

Trust: 0.3

vendor: sony | model: network camera snc-rx550n/b | scope: ne | version: 2.31

Trust: 0.3

vendor: sony | model: network camera snc-rx530n/w | scope: ne | version: 3.01

Trust: 0.3

vendor: sony | model: network camera snc-rx530n/w | scope: ne | version: 2.31

Trust: 0.3

vendor: sony | model: network camera snc-rx530n/b | scope: ne | version: 3.01

Trust: 0.3

vendor: sony | model: network camera snc-rx530n/b | scope: ne | version: 2.31

Trust: 0.3

vendor: sony | model: network camera snc-p5 | scope: ne | version: 1.29

Trust: 0.3

vendor: sony | model: network camera snc-p1 | scope: ne | version: 1.29

Trust: 0.3

vendor: sony | model: network camera snc-df85n | scope: ne | version: 1.12

Trust: 0.3

vendor: sony | model: network camera snc-df80n | scope: ne | version: 1.12

Trust: 0.3

vendor: sony | model: network camera snc-df70n | scope: ne | version: 1.18

Trust: 0.3

vendor: sony | model: network camera snc-df50n | scope: ne | version: 1.12

Trust: 0.3

vendor: sony | model: network camera snc-df40n | scope: ne | version: 1.18

Trust: 0.3

vendor: sony | model: network camera snc-cs50n | scope: ne | version: 2.22

Trust: 0.3

vendor: sony | model: network camera snc-cs11 | scope: ne | version: 1.06

Trust: 0.3

vendor: sony | model: network camera snc-cs10 | scope: ne | version: 1.06

Trust: 0.3

sources: BID: 33876 // BID: 24684 // JVNDB: JVNDB-2009-000012 // CNNVD: CNNVD-200706-528 // NVD: CVE-2007-3488

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3488
value: HIGH

Trust: 1.0

IPA: JVNDB-2009-000012
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200706-528
value: CRITICAL

Trust: 0.6

VULHUB: VHN-26850
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-3488
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2009-000012
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-26850
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-26850 // JVNDB: JVNDB-2009-000012 // CNNVD: CNNVD-200706-528 // NVD: CVE-2007-3488

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2009-000012 // NVD: CVE-2007-3488

THREAT TYPE

network

Trust: 0.6

sources: BID: 33876 // BID: 24684

TYPE

Boundary Condition Error

Trust: 0.6

sources: BID: 33876 // BID: 24684

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-000012

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-26850

PATCH

title: List of Affected Sony Network Cameras | url: http://pro.sony.com/bbsc/ssr/cat-securitycameras/resource.downloads.bbsccms-assets-cat-camsec-downloads-AffectedNetworkCameras.shtml

Trust: 0.8

sources: JVNDB: JVNDB-2009-000012

EXTERNAL IDS

db: JVNDB | id: JVNDB-2009-000012

Trust: 3.3

db: JVN | id: JVN16767117

Trust: 2.9

db: NVD | id: CVE-2007-3488

Trust: 2.8

db: BID | id: 24684

Trust: 2.8

db: OSVDB | id: 39479

Trust: 2.5

db: EXPLOIT-DB | id: 4120

Trust: 1.7

db: XF | id: 35133

Trust: 1.4

db: CNNVD | id: CNNVD-200706-528

Trust: 0.7

db: MILW0RM | id: 4120

Trust: 0.6

db: XF | id: 5

Trust: 0.6

db: JVN | id: JVN#16767117

Trust: 0.6

db: BID | id: 33876

Trust: 0.3

db: SECUNIA | id: 33968

Trust: 0.2

db: SEEBUG | id: SSVID-64771

Trust: 0.1

db: VULHUB | id: VHN-26850

Trust: 0.1

db: PACKETSTORM | id: 75135

Trust: 0.1

sources: VULHUB: VHN-26850 // BID: 33876 // BID: 24684 // JVNDB: JVNDB-2009-000012 // PACKETSTORM: 75135 // CNNVD: CNNVD-200706-528 // NVD: CVE-2007-3488

REFERENCES

url:http://www.securityfocus.com/bid/24684

Trust: 2.5

url:http://jvn.jp/en/jp/jvn16767117/index.html

Trust: 2.5

url:http://jvndb.jvn.jp/ja/contents/2009/jvndb-2009-000012.html

Trust: 2.5

url:http://osvdb.org/39479

Trust: 2.5

url:http://jvn.jp/en/jp/jvn16767117/041520/index.html

Trust: 1.7

url:http://pro.sony.com/bbsc/ssr/cat-securitycameras/resource.downloads.bbsccms-assets-cat-camsec-downloads-affectednetworkcameras.shtml

Trust: 1.7

url:http://xforce.iss.net/xforce/xfdb/35133

Trust: 1.4

url:https://www.exploit-db.com/exploits/4120

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/35133

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3488

Trust: 0.8

url:http://www.ipa.go.jp/security/english/vuln/200902_sonysnc_en.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3488

Trust: 0.8

url:http://www.sony.com

Trust: 0.6

url:http://www.milw0rm.com/exploits/4120

Trust: 0.6

url:http://jvn.jp/jp/jvn16767117/index.html

Trust: 0.4

url:http://www.sony.jp/professional/news/info/pb20090223.html

Trust: 0.4

url:http://support.microsoft.com/kb/240797

Trust: 0.3

url:http://bssc.sel.sony.com/broadcastandbusiness/displaymodel?id=79540

Trust: 0.3

url:http://secunia.com/advisories/33968/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/business_solutions/

Trust: 0.1

url:http://secunia.com/advisories/try_vi/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-26850 // BID: 33876 // BID: 24684 // JVNDB: JVNDB-2009-000012 // PACKETSTORM: 75135 // CNNVD: CNNVD-200706-528 // NVD: CVE-2007-3488

CREDITS

str0ke is credited with the discovery of this issue.

Trust: 0.9

sources: BID: 24684 // CNNVD: CNNVD-200706-528

SOURCES

db: VULHUB | id: VHN-26850
db: BID | id: 33876
db: BID | id: 24684
db: JVNDB | id: JVNDB-2009-000012
db: PACKETSTORM | id: 75135
db: CNNVD | id: CNNVD-200706-528
db: NVD | id: CVE-2007-3488

LAST UPDATE DATE

2025-04-10T22:22:00.122000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-26850 | date: 2017-09-29T00:00:00
db: BID | id: 33876 | date: 2009-02-24T20:27:00
db: BID | id: 24684 | date: 2015-05-07T17:37:00
db: JVNDB | id: JVNDB-2009-000012 | date: 2009-03-09T00:00:00
db: CNNVD | id: CNNVD-200706-528 | date: 2009-03-20T00:00:00
db: NVD | id: CVE-2007-3488 | date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB | id: VHN-26850 | date: 2007-06-29T00:00:00
db: BID | id: 33876 | date: 2009-02-24T00:00:00
db: BID | id: 24684 | date: 2007-06-27T00:00:00
db: JVNDB | id: JVNDB-2009-000012 | date: 2009-03-09T00:00:00
db: PACKETSTORM | id: 75135 | date: 2009-02-24T15:54:35
db: CNNVD | id: CNNVD-200706-528 | date: 2007-06-29T00:00:00
db: NVD | id: CVE-2007-3488 | date: 2007-06-29T18:30:00