Sign-up

ID

VAR-201412-0683


TITLE

Buffer Overflow Vulnerability in Multiple IPUX Network Cameras 'UltraSVCamX.ocx'

Trust: 0.6

sources: CNVD: CNVD-2014-08799

DESCRIPTION

IPUX is a provider of network monitoring solutions. Multiple IPUX network cameras (IPUX ICL5132 and ICL5452) have buffer overflows in their implementation. An attacker could exploit this vulnerability to execute arbitrary code in the context of an affected system. IPUX IP Camera is a webcam device. IPUX IP Camera UltraSVCam ActiveX space 'UltraSVCamX.ocx' has a buffer overflow vulnerability that can cause memory corruption when a large number of bytes are passed to multiple functions in UltraSVCamLib, causing an application to crash or execute arbitrary code. Multiple IPUX IP Camera products are prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will likely result in denial-of-service conditions. IPUX ICL5132 and ICL5452 are vulnerable. The device is H.264 Wired/Wireless IP Camera with 1.3 Mega-pixel sensor.With high performance H.264 video compression, the file size of video stream isextremely reduced, as to optimize the network bandwidth efficiency. It has fullPan/Tilt function and 3X digital zoom feature for a larger space monitoring. Thebuilt-in USB port provides a convenient and portable storage option for local storageof event and schedule recording, especially network disconnected.The UltraSVCam ActiveX Control 'UltraSVCamX.ocx' suffers from a stack bufferoverflow vulnerability when parsing large amount of bytes to several functions inUltraSVCamLib, resulting in memory corruption overwriting several registers includingthe SEH. An attacker can gain access to the system of the affected node and executearbitrary code.<br/><br/>--------------------------------------------------------------------------------<br/><br/><code>(3ef0.3e0c): Access violation - code c0000005 (first chance)<br/>First chance exceptions are reported before any exception handling.<br/>This exception may be expected and handled.<br/>*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Windows\Downloaded Program Files\UltraSVCamX.ocx - <br/>eax=41414149 ebx=00000001 ecx=00003e0c edx=02163f74 esi=41414141 edi=02163f74<br/>eip=77e8466c esp=003eef8c ebp=003eefc0 iopl=0 nv up ei pl zr na pe nc<br/>cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246<br/>ntdll!RtlDeleteCriticalSection+0x77:<br/>77e8466c 833800 cmp dword ptr [eax],0 ds:002b:41414149=????????<br/></code><br/> --------------------------------------------------------------------------------<br/><br/>Tested on: Microsoft Windows 7 Professional SP1 (EN)

Trust: 1.71

sources: CNVD: CNVD-2014-08799 // CNVD: CNVD-2014-08748 // BID: 71403 // BID: 71405 // ZSL: ZSL-2014-5213

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 1.2

sources: CNVD: CNVD-2014-08799 // CNVD: CNVD-2014-08748

AFFECTED PRODUCTS

vendor:ipuxmodel:ip camera icl5452scope: - version: -

Trust: 0.6

vendor:ipuxmodel:ip camera icl5132scope: - version: -

Trust: 0.6

vendor:ipuxmodel:ip camerascope: - version: -

Trust: 0.6

vendor:big good holdingsmodel:ipux clscope:eqversion:bullet type icl5132 (firmware: icl5132 2.0.0-2 20130730 r1112)

Trust: 0.1

vendor:big good holdingsmodel:ipux clscope:eqversion:bullet type icl5452

Trust: 0.1

sources: ZSL: ZSL-2014-5213 // CNVD: CNVD-2014-08799 // CNVD: CNVD-2014-08748

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2014-08799
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2014-08748
value: HIGH

Trust: 0.6

ZSL: ZSL-2014-5213
value: (4/5)

Trust: 0.1

CNVD: CNVD-2014-08799
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2014-08748
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: ZSL: ZSL-2014-5213 // CNVD: CNVD-2014-08799 // CNVD: CNVD-2014-08748

THREAT TYPE

network

Trust: 0.6

sources: BID: 71403 // BID: 71405

TYPE

Input Validation Error

Trust: 0.6

sources: BID: 71403 // BID: 71405

EXPLOIT AVAILABILITY

sources:
            
            
            ZSL: ZSL-2014-5213

EXTERNAL IDS
db:BIDid:71405
Trust: 1.0
db:BIDid:71403
Trust: 1.0
db:ZSLid:ZSL-2014-5213
Trust: 0.7
db:CNVDid:CNVD-2014-08799
Trust: 0.6
db:CNVDid:CNVD-2014-08748
Trust: 0.6
db:PACKETSTORMid:129346
Trust: 0.1
db:EXPLOIT-DBid:35421
Trust: 0.1
db:CXSECURITYid:WLB-2014120006
Trust: 0.1
db:OSVDBid:115369
Trust: 0.1
sources:
            
            
            ZSL: ZSL-2014-5213 // 
            
            
            
            CNVD: CNVD-2014-08799 // 
            
            
            
            CNVD: CNVD-2014-08748 // 
            
            
            
            BID: 71403 // 
            
            
            
            BID: 71405

REFERENCES
url:http://www.securityfocus.com/bid/71403
Trust: 0.7
url:http://www.zeroscience.mk/en/vulnerabilities/zsl-2014-5213.php
Trust: 0.6
url:http://packetstormsecurity.com/files/129346
Trust: 0.1
url:http://cxsecurity.com/issue/wlb-2014120006
Trust: 0.1
url:http://www.exploit-db.com/exploits/35421/
Trust: 0.1
url:http://www.securityfocus.com/bid/71405
Trust: 0.1
url:http://osvdb.org/show/osvdb/115369
Trust: 0.1
sources:
            
            
            ZSL: ZSL-2014-5213 // 
            
            
            
            CNVD: CNVD-2014-08799 // 
            
            
            
            CNVD: CNVD-2014-08748

CREDITS
LiquidWorm
Trust: 0.6
sources:
            
            
            BID: 71403 // 
            
            
            
            BID: 71405

SOURCES
db:ZSLid:ZSL-2014-5213
db:CNVDid:CNVD-2014-08799
db:CNVDid:CNVD-2014-08748
db:BIDid:71403
db:BIDid:71405

LAST UPDATE DATE
2022-10-19T22:41:31.097000+00:00

SOURCES UPDATE DATE
db:ZSLid:ZSL-2014-5213date:2014-12-06T00:00:00
db:CNVDid:CNVD-2014-08799date:2014-12-10T00:00:00
db:CNVDid:CNVD-2014-08748date:2014-12-08T00:00:00
db:BIDid:71403date:2014-12-02T00:00:00
db:BIDid:71405date:2014-12-02T00:00:00

SOURCES RELEASE DATE
db:ZSLid:ZSL-2014-5213date:2014-12-02T00:00:00
db:CNVDid:CNVD-2014-08799date:2014-12-10T00:00:00
db:CNVDid:CNVD-2014-08748date:2014-12-08T00:00:00
db:BIDid:71403date:2014-12-02T00:00:00
db:BIDid:71405date:2014-12-02T00:00:00