ID
VAR-200802-0532
TITLE
Multiple Vendor IP Camera ActiveX Control URL Parameter Stack Overflow Vulnerability
Trust: 0.6
DESCRIPTION
D-Link MPEG4 SHM Audio Control, 4XEM VatCtrl Class and Vivotek RTSP MPEG4 SP Control are all ActiveX controls installed by the IP cameras of their respective manufacturers. A buffer overflow vulnerability exists in the implementation of the above-mentioned ActiveX control of the network camera. A remote attacker may use this vulnerability to control the user system. VATDecoder.VatCtrl.1 ActiveX control (VATDecoder.dll), RtspVaPgCtrl Class ActiveX control (RtspVapgDecoderNew.dll), and VAPgDecoder.VaPgCtrl.1 ActiveX control (VAPGDecoder.dll) does not properly validate the string assigned to the Url parameter if the user is deceived If a malicious webpage is accessed and a long string is passed to this parameter, it may trigger a stack overflow and cause arbitrary instructions to be executed.
Trust: 0.6
IOT TAXONOMY
| category: | ['IoT'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | none | model: | - | scope: | - | version: | - | Trust: 0.6 |
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2008-1047 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2008-1047 |
LAST UPDATE DATE
2022-05-04T09:53:16.722000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2008-1047 | date: | 2008-02-28T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2008-1047 | date: | 2008-02-27T00:00:00 |