Dell Webcam Software ActiveX Control CrazyTalk4Native.dll Code Execution
|Check Point Reference:||CPAI-2012-236|
|Source:||Secunia Advisory 48450|
|Protection Provided by:||
Who is Vulnerable?
Dell SX2210 Webcam Monitor RC1.1 R230103
A stack buffer overflow vulnerability has been reported in the Dell Webcam Software ActiveX control.
The vulnerability is due to insufficient validation of certain properties in the ActiveX control. A remote attacker can exploit this issue by enticing a target user to open a specially crafted web page. Successful exploitation could allow an attacker to execute arbitrary code on the target system.
This protection will detect and block attempts to open a malicious web page.
In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.
Security Gateway R75 / R71 / R70
How Can I Protect My Network?
- In the IPS tab, click Protections and find the Dell Webcam Software ActiveX Control CrazyTalk4Native.dll Code Execution protection using the Search tool and Edit the protection's settings.
- Install policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Web Client Enforcement Violation
Attack Information: Dell Webcam Software ActiveX Control CrazyTalk4Native.dll Code Execution