Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2008-4771
Last Modified 07 Mar 2011 10:13:16
Published 28 Oct 2008 03:20:14
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4771

Summary

Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly other products, allows remote attackers to execute arbitrary code via a long Url property. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • 4xem VatCtrl Class 1.0.0.27

  • 4xem VatCtrl Class 1.0.0.51

  • D-Link MPEG4 SHM Audio Control 1.7.0.5

  • Vivotek RTSP MPEG4 SP Control 2.0.0.39


References

XF - vivotek-rtspvapgdecodernew-activex-bo(40867)

XF - 4xem-vatdecoder-activex-bo(40864)

XF - dlink-vapgdecoder-activex-bo(40863)

VUPEN - ADV-2008-0687

VUPEN - ADV-2008-0686

VUPEN - ADV-2008-0685

BID - 28010

MILW0RM - 5193

SREASON - 4517

SECUNIA - 29146

SECUNIA - 29145

SECUNIA - 29131

OSVDB - 43007

OSVDB - 42378


Last Updated: 27 May 2016 10:48:37