PT-2009-3457 · Geovision · Geovision Livex

Nine:Situations:Group

Publicado

2009-03-10

Atualizado

2017-10-19

CVE-2009-0865

CVSS v2.0

8.8

Alta

Vetor

AV:N/AC:M/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions GeoVision LiveX (aka LiveX v8200) versions 8.1.2 through 8.2.0

Description The issue allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the SnapShotToFile method in the GeoVision LiveX ActiveX control, possibly involving the PlayX and SnapShotX methods.

Recommendations For versions 8.1.2 through 8.2.0, consider disabling the SnapShotToFile method until a patch is available. Restrict access to the LIVEX ~1.OCX file to minimize the risk of exploitation. Avoid using the .. (dot dot) sequence in arguments to the SnapShotToFile method until the issue is resolved.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2009-0865

Produtos afetados

Geovision Livex

PT-2009-3457 · Geovision · Geovision Livex

CVE-2009-0865

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5