PT-2008-6726 · Moonware Studios · Webcamxp

Luigi Auriemma · Published 2008-12-18 · Updated 2018-10-11 · CVE-2008-5674

CVSS v2.0: 9.4 High
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions

webcamXP versions 3.72.440.0 and earlier
webcamXP beta versions 4.05.280 and earlier

Description

The issue concerns multiple array index errors in the HTTP server of the affected software. These errors can be exploited by remote attackers to cause a denial of service, resulting in a device crash, and to read portions of memory. The exploitation can occur through two specific components: (1) the pocketpc component, which is vulnerable to an invalid camnum parameter, and (2) the show gallery pic component, which is vulnerable to an invalid id parameter.

Recommendations

For webcamXP versions 3.72.440.0 and earlier, consider restricting access to the pocketpc and show gallery pic components until a fix is available. For webcamXP beta versions 4.05.280 and earlier, avoid using the camnum parameter in the pocketpc component and the id parameter in the show gallery pic component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

Related Identifiers

CVE-2008-5674

Affected Products

Webcamxp