PT-2008-5779 · Dvrhost · Dvrhost Web Cms Ocx

Rgod · Published 2008-10-14 · Updated 2017-09-29 · CVE-2008-4547

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

DVRHOST Web CMS OCX version 1.0.1.25

Description

The issue is related to a heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control, which is part of the pdvratl.dll file. This allows remote attackers to execute arbitrary code by providing a long second argument to the TimeSpanFormat method.

Recommendations

For version 1.0.1.25, as a temporary workaround, consider disabling the TimeSpanFormat method until a patch is available. Restrict access to the pdvratl.dll file to minimize the risk of exploitation. Avoid using the TimeSpanFormat method with long arguments in the affected ActiveX control until the issue is resolved.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related identifiers

CVE-2008-4547

Affected products

Dvrhost Web Cms Ocx