PT-2012-2461 · Cisco · Cisco Linksys Playerpt Activex Control
Published
2012-07-19
·
Updated
2017-08-29
·
CVE-2012-0284
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco Linksys PlayerPT ActiveX control version 1.0.0.15
Description
The issue is related to a stack-based buffer overflow in the SetSource method of the Cisco Linksys PlayerPT ActiveX control. This occurs when a long URL is passed as the first argument, also known as the
sURL argument, allowing remote attackers to execute arbitrary code.Recommendations
For Cisco Linksys PlayerPT ActiveX control version 1.0.0.15, consider disabling the SetSource method until a patch is available to prevent exploitation. Restrict access to the PlayerPT.ocx control to minimize the risk of arbitrary code execution. Avoid using long URLs in the
sURL argument of the SetSource method to mitigate the issue.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Linksys Playerpt Activex Control