Cisco Linksys PlayerPT ActiveX Control ‘SetSource()’ Buffer Overflow Vulnerability

Summary

Cisco Linksys PlayerPT ActiveX Control is prone to a buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input.

Credit:

The original article can be found at: http://www.securityfocus.com/bid/54588
The information has been provided by Carsten Eiram .


Details

Vulnerable Systems:
 *Cisco Wireless-G PTZ Internet Video Camera WVC200 0

An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.
Cisco Linksys PlayerPT 1.0.0.15 is vulnerable; other versions may also be affected.

Vendor Status:
Vendor as issued an updated vulnerability.

CVE Information:
CVE-2012-0284

Disclosure Timeline:
Initial Release:Jul 10 2012

Categories: News