PT-2009-3457 · Geovision · Geovision Livex

Nine:Situations:Group

Published

2009-03-10

Updated

2017-10-19

CVE-2009-0865

CVSS v2.0

8.8

High

Vector

AV:N/AC:M/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions GeoVision LiveX (aka LiveX v8200) versions 8.1.2 through 8.2.0

Description The issue allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the SnapShotToFile method in the GeoVision LiveX ActiveX control, possibly involving the PlayX and SnapShotX methods.

Recommendations For versions 8.1.2 through 8.2.0, consider disabling the SnapShotToFile method until a patch is available. Restrict access to the LIVEX ~1.OCX file to minimize the risk of exploitation. Avoid using the .. (dot dot) sequence in arguments to the SnapShotToFile method until the issue is resolved.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2009-0865

Affected Products

Geovision Livex

PT-2009-3457 · Geovision · Geovision Livex

CVE-2009-0865

Weakness Enumeration

Related Identifiers

Affected Products

References · 5