PT-2008-5779 · Dvrhost · Dvrhost Web Cms Ocx

Rgod · Published 2008-10-14 · Updated 2017-09-29 · CVE-2008-4547

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

DVRHOST Web CMS OCX version 1.0.1.25

Description

A heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control, which is part of the pdvratl.dll file, allows remote attackers to execute arbitrary code by providing a long second argument to the TimeSpanFormat method.

Recommendations

For version 1.0.1.25, as a temporary workaround, consider disabling the TimeSpanFormat method until a patch is available. Restrict access to the pdvratl.dll file to minimize the risk of exploitation. Avoid calling the TimeSpanFormat method with long arguments in the affected ActiveX control until the issue is resolved.

Exploit

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2008-4547

Affected Products

Dvrhost Web Cms Ocx