CVE-2014-9263

Name of the Vulnerable Software and Affected Versions 3S Pocketnet Tech VMS (affected versions not specified)

Description The issue concerns multiple buffer overflows in the PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 control, allowing remote attackers to execute arbitrary code. This can be achieved via a crafted string to various methods, including StartRecord(), StartRecordEx(), StartScheduledRecord(), SetDisplayText(), GetONVIFDeviceInformation(), GetONVIFProfiles(), and GetONVIFStreamUri(), or a crafted filename to SaveCurrentImage() or SaveCurrentImageEx(). No information is provided about the estimated number of potentially affected devices or real-world incidents.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.