CVE-2012-5306

Summary

CVE	CVE-2012-5306
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2012-10-06 22:55:00 UTC
Updated	2023-04-26 19:36:00 UTC
Description	Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string argument.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	D-link	Camera Stream Client Activex Control	1.0.0.4519	All	All	All
Application	D-link	Camera Stream Client Activex Control	1.0.0.4519	All	All	All
Hardware	D-link	Dcs-5605 Ptz Ip Network Camera	-	All	All	All
Hardware	D-link	Dcs-5605 Ptz Ip Network Camera	-	All	All	All
Application	Dlink	Camera Stream Client Activex Control	1.0.0.4519	All	All	All
Hardware	Dlink	Dcs-5605 Ptz Ip Network Camera	-	All	All	All

References

Reference	Source	Link	Tags
D-Link DCS-5605 Network Surveillance ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Vulnerability	EXPLOIT-DB	www.exploit-db.com	Exploit
D-Link DCS-5605 PTZ ActiveX Control 'SelectDirectory()' Method Buffer Overflow Vulnerability	BID	www.securityfocus.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
20120328 D-Link SecuriCam DCS-5605 Network Surveillance ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Vulnerability	BUGTRAQ	archives.neohapsis.com	Exploit
80663	OSVDB	osvdb.org
Security Advisory SA48602 - Camera Stream Client ActiveX Control "SetDirectory()" Buffer Overflow - Secunia	SECUNIA	secunia.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.