Check Point Advisories

Update Protection against AXIS Communications Camera Control image_pan_tilt Buffer Overflow

Check Point Reference: CPAI-2009-045
Date Published: 6 Feb 2009
Severity: High
Last Updated: Thursday 01 January, 2009
Source: Secunia Advisory: SA33444 
Industry Reference: CVE-2008-5260
Protection Provided by:
Who is Vulnerable? Axis Communications AXIS Camera Control 2.40.0.0 and prior
Vulnerability Description: A buffer overflow vulnerability was reported in the ActiveX Camera Control by AXIS Communications. A remote image/video monitoring solution, AXIS Camera Control is an ActiveX control with multiple functions that can be used over HTTP. The vulnerability is due to a boundary error that can be exploited to execute arbitrary code when a user visits and clicks on a malicious web page.
Update/Patch Available: The vendor recommends removing the ActiveX control and using AXIS Media Control as a replacement.
http://www.axis.com/techsup/software/amc/index.htm
Vulnerability Details: The vulnerability is due to a boundary error while parsing the value of the image_pan_tilt property of the control. The vulnerable code does not properly validate the length of the string assigned to the property before copying it into a heap-based buffer. As a result, attackers can manipulate this property to overflow the buffer.
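
The bug class described above, shown as an added example that is not AXIS code and is not taken from the advisory: a property setter that copies into a fixed-size heap buffer without a length check, next to a setter that validates the length first. The struct, the function names, the 64-byte capacity and the sample value "10,20" are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

#define PAN_TILT_CAP 64  /* assumed capacity; the advisory states no size */

/* Hypothetical stand-in for the control's state (not AXIS code). */
typedef struct { char *pan_tilt; /* heap buffer of PAN_TILT_CAP bytes */ } camera_ctl;

camera_ctl *ctl_new(void) {
    camera_ctl *c = calloc(1, sizeof *c);
    if (!c) return NULL;
    c->pan_tilt = calloc(PAN_TILT_CAP, 1);
    if (!c->pan_tilt) { free(c); return NULL; }
    return c;
}

void ctl_free(camera_ctl *c) { if (c) { free(c->pan_tilt); free(c); } }

/* Pattern the advisory describes: copy with no length validation.
   A value of PAN_TILT_CAP bytes or more writes past the heap allocation. */
void set_pan_tilt_unchecked(camera_ctl *c, const char *value) {
    strcpy(c->pan_tilt, value);
}

/* Hardened setter: find the terminator within the capacity first, reject
   oversize input, and leave the stored value untouched on rejection.
   Returns 0 on success, -1 on rejection. */
int set_pan_tilt_checked(camera_ctl *c, const char *value) {
    if (!c || !value) return -1;
    const char *end = memchr(value, '\0', PAN_TILT_CAP);
    if (!end) return -1;                 /* no terminator within capacity */
    memmove(c->pan_tilt, value, (size_t)(end - value) + 1);
    return 0;
}

int main(void) {
    camera_ctl *c = ctl_new();
    if (!c) return 1;
    char big[PAN_TILT_CAP + 16];         /* constructed oversize input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    int ok = set_pan_tilt_checked(c, "10,20") == 0   /* constructed value */
          && set_pan_tilt_checked(c, big) == -1
          && strcmp(c->pan_tilt, "10,20") == 0;
    ctl_free(c);
    return ok ? 0 : 1;                   /* exit status 0 when all checks hold */
}
```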

Protection Overview
