PT-2011-3943 · Provideo · Axplayer.Ocx+3

Published: 2011-08-05 · Updated: 2011-09-07 · CVE-2011-2591

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Provideo ActiveX controls versions 1.0.3.1 through 3.0.0.9

Description

The issue allows remote attackers to execute arbitrary code via crafted input fields. This can be achieved through multiple buffer overflows, including a long strIp argument to the voice method in 2way.dll, a network response to AXPlayer.ocx, or a long UserName or Password parameter to AXPlayer.ocx. Additionally, a long Id parameter to the GetString method in PAxPlayer.ocx or a long strAdr parameter to the ConnectIPCam method in PAxPlayer.ocx can also be used.

Recommendations

For versions 1.0.3.1 through 3.0.0.9, consider disabling the voice method in 2way.dll, restricting access to AXPlayer.ocx, and avoiding the use of the UserName and Password parameters in AXPlayer.ocx until a patch is available. Additionally, restrict the use of the GetString method in PAxPlayer.ocx and the ConnectIPCam method in PAxPlayer.ocx to minimize the risk of exploitation.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2011-2591

Affected Products

2Way.Dll
Axplayer.Ocx
Paxplayer.Ocx
Provideo Activex Controls