DVR Remote ActiveX Control 'DVRobot.dll' DLL Loading Arbitrary Code Execution Vulnerability
BID:50703
Info
DVR Remote ActiveX Control 'DVRobot.dll' DLL Loading Arbitrary Code Execution Vulnerability
| Bugtraq ID: | 50703 |
| Class: | Design Error |
| CVE: |
CVE-2011-3828 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 17 2011 12:00AM |
| Updated: | Nov 17 2011 12:00AM |
| Credit: | Carsten Eiram of Secunia Research. |
| Vulnerable: |
SunPlus Electronics DVR Remote ActiveX Control 2.1.0.39 |
| Not Vulnerable: | |
Discussion
DVR Remote ActiveX Control 'DVRobot.dll' DLL Loading Arbitrary Code Execution Vulnerability
DVR Remote ActiveX Control is prone to a vulnerability that lets attackers execute arbitrary code.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
DVR Remote ActiveX Control 2.1.0.39 is vulnerable; other versions may also be affected.
DVR Remote ActiveX Control is prone to a vulnerability that lets attackers execute arbitrary code.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
DVR Remote ActiveX Control 2.1.0.39 is vulnerable; other versions may also be affected.
Exploit / POC
DVR Remote ActiveX Control 'DVRobot.dll' DLL Loading Arbitrary Code Execution Vulnerability
A general exploit technique has been documented by TheLeader and H.D. Moore for the Metasploit Project; please see the references for more information.
A general exploit technique has been documented by TheLeader and H.D. Moore for the Metasploit Project; please see the references for more information.
Solution / Fix
DVR Remote ActiveX Control 'DVRobot.dll' DLL Loading Arbitrary Code Execution Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].
References
DVR Remote ActiveX Control 'DVRobot.dll' DLL Loading Arbitrary Code Execution Vulnerability
References:
References:
- Secunia Research: DVR Remote ActiveX Control DVRobot Library Loading Vulnerabili (Secunia)
- SunPlus Electronics Homepage (SunPlus Electronics Corp)