PT-2012-2461 · Cisco · Cisco Linksys Playerpt Activex Control

Publicado

2012-07-19

Atualizado

2017-08-29

CVE-2012-0284

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco Linksys PlayerPT ActiveX control version 1.0.0.15

Description The issue is related to a stack-based buffer overflow in the SetSource method of the Cisco Linksys PlayerPT ActiveX control. This occurs when a long URL is passed as the first argument, also known as the sURL argument, allowing remote attackers to execute arbitrary code.

Recommendations For Cisco Linksys PlayerPT ActiveX control version 1.0.0.15, consider disabling the SetSource method until a patch is available to prevent exploitation. Restrict access to the PlayerPT.ocx control to minimize the risk of arbitrary code execution. Avoid using long URLs in the sURL argument of the SetSource method to mitigate the issue.

Exploit

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2012-0284

Produtos afetados

Cisco Linksys Playerpt Activex Control

PT-2012-2461 · Cisco · Cisco Linksys Playerpt Activex Control

CVE-2012-0284

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10