PT-2015-7254 · Moxa · Moxa Softcms

Credit: Carsten Eiram (+1)
Published: 2015-09-08
Updated: 2019-10-09
CVE: CVE-2015-6457

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Moxa SoftCMS versions 1.3 and prior

Description
The issue is a buffer overflow condition that may crash the system or allow remote code execution. The affected components and methods are: IVLCControl setStreamRecordData, RTSPVIDEO.rtspvideoCtrl.1 Open3, IVLCControl setRecordPrefix, VLCControl setUserInfoData strIP, the RTSPVIDEO.rtspvideoCtrl.1 AudioRecord method (fullfilename parameter), RTSPVIDEO.rtspvideoCtrl.1 Open and Open2, VLCPlugin ActiveX Control setUserInfoData strUserName, and IVLCControl setConfigPath.

Recommendations
For Moxa SoftCMS versions 1.3 and prior, update to version 1.4 or later, released by Moxa on June 1, 2015, to address the issue. As a temporary workaround, consider disabling the IVLCControl setStreamRecordData, RTSPVIDEO.rtspvideoCtrl.1 Open3, IVLCControl setRecordPrefix, VLCControl setUserInfoData strIP, RTSPVIDEO.rtspvideoCtrl.1 AudioRecord, RTSPVIDEO.rtspvideoCtrl.1 Open and Open2, VLCPlugin ActiveX Control setUserInfoData strUserName, and IVLCControl setConfigPath functions until a patch is available. Restrict access to the vulnerable components to minimize the risk of exploitation.

Fix

Buffer Overflow

Heap Based Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2015-6457
ZDI-15-429
ZDI-15-430
ZDI-15-431
ZDI-15-432
ZDI-15-434
ZDI-15-435
ZDI-15-436
ZDI-15-437

Affected Products

Moxa Softcms