PT-2011-4717 · Dvr · Dvr Remote Activex Control

Publicado

2011-11-26

Atualizado

2018-10-09

CVE-2011-3828

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions DVR Remote ActiveX control version 2.1.0.39

Description The issue allows remote attackers to execute arbitrary code via a crafted DVRobot.dll file in a manifest directory on a web server. This is related to the DVRemoteAx.ax component in the DVR Remote ActiveX control.

Recommendations For version 2.1.0.39, consider restricting access to the DVRemoteAx.ax component until a patch is available. As a temporary workaround, avoid using the DVR Remote ActiveX control with untrusted web servers.

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2011-3828

Produtos afetados

Dvr Remote Activex Control

PT-2011-4717 · Dvr · Dvr Remote Activex Control

CVE-2011-3828

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3