D-Link DCS-5605 PTZ ActiveX Control ‘SelectDirectory()’ Method Buffer Overflow Vulnerability

Summary

D-Link DCS-5605 PTZ is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Credit:

The information has been provided by rgod.
The original article can be found at: http://www.securityfocus.com/bid/52769/info


Details

Vulnerable Systems:
 * D-Link DCS-5605 PTZ

An attacker can exploit this issue to execute arbitrary code within the context of the application, typically Internet Explorer, that uses the ActiveX control. Failed exploit attempts will result in denial-of-service conditions.

Vendor Status:
D-Link has issued an update for this vulnerability.

Patch Availability:
http://www.d-link.com/products/?pid=771

Disclosure timeline:
Initial disclosure Mar 28 2012
