ACTi Network Video Controller Multiple ActiveX Controls Multiple Remote Vulnerabilities
BID:25465
Info
ACTi Network Video Controller Multiple ActiveX Controls Multiple Remote Vulnerabilities
| Bugtraq ID: | 25465 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-4583 CVE-2007-4582 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 28 2007 12:00AM |
| Updated: | Jul 05 2016 10:00PM |
| Credit: | shinnai is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
ACTi Network Video Controller 2.0 SP2 |
| Not Vulnerable: | |
Discussion
ACTi Network Video Controller Multiple ActiveX Controls Multiple Remote Vulnerabilities
Network Video Controller ActiveX controls are prone to multiple remote vulnerabilities, including a buffer-overflow issue, an arbitrary-file-overwrite issue, and an arbitrary-file-deletion issue.
Exploiting these issues allows remote attackers to execute arbitrary code and to overwrite and delete arbitrary files in the context of applications using the affected ActiveX control (typically Internet Explorer).
These issues affect Network Video Controller 2.0 SP2; other versions may also be affected.
Network Video Controller ActiveX controls are prone to multiple remote vulnerabilities, including a buffer-overflow issue, an arbitrary-file-overwrite issue, and an arbitrary-file-deletion issue.
Exploiting these issues allows remote attackers to execute arbitrary code and to overwrite and delete arbitrary files in the context of applications using the affected ActiveX control (typically Internet Explorer).
These issues affect Network Video Controller 2.0 SP2; other versions may also be affected.
Exploit / POC
ACTi Network Video Controller Multiple ActiveX Controls Multiple Remote Vulnerabilities
An attacker can exploit these issues by enticing an unsuspecting victim to view a malicious webpage.
The following sample exploits are available:
An attacker can exploit these issues by enticing an unsuspecting victim to view a malicious webpage.
The following sample exploits are available:
Solution / Fix
ACTi Network Video Controller Multiple ActiveX Controls Multiple Remote Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
ACTi Network Video Controller Multiple ActiveX Controls Multiple Remote Vulnerabilities
References:
References:
- ACTi Network Video Recorder Homepage (ACTi)
- Microsoft Knowledge Base Article 240797 (Microsoft)