PT-2009-3670 · Geovision · Liveau~1.Ocx

Nine:Situations:Group

Publicado

2009-03-25

Atualizado

2018-10-10

CVE-2009-1092

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions GeoVision DVR systems LIVEAU~1.OCX version 7.0

Description The issue is related to a use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX control. This vulnerability can be exploited by remote attackers to execute arbitrary code. The exploitation involves calling the GetAudioPlayingTime method with certain arguments.

Recommendations For LIVEAU~1.OCX version 7.0, consider disabling the GetAudioPlayingTime method as a temporary workaround until a patch is available. Restrict access to the LIVEAUDIO.LiveAudioCtrl.1 ActiveX control to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

CVE-2009-1092

Produtos afetados

Liveau~1.Ocx

PT-2009-3670 · Geovision · Liveau~1.Ocx

CVE-2009-1092

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6