Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5674

Overview

Vulnerability Score 9.4 9.4
CVE Id CVE-2008-5674
Last Modified 19 Sep 2009 01:23:43
Published 18 Dec 2008 08:52:02
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5674

Summary

Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service (device crash) and read portions of memory via (1) an invalid camnum parameter to the pocketpc component and (2) an invalid id parameter to the show_gallery_pic component.

Vulnerable Systems

Application

  • Darkwet Webcam Xp 1.02.432

  • Darkwet Webcam Xp 1.02.535

  • Darkwet Webcam Xp 1.6.945

  • Darkwet Webcam Xp 2.20

  • Darkwet Webcam Xp 3.72

  • Darkwet Webcam Xp 3.72.440.0


References

BID - 27875

BUGTRAQ - 20080219 Access violation and limited informations disclosure in webcamXP 3.72.440.0

OSVDB - 42928

OSVDB - 42927

SREASON - 4788

SECUNIA - 29007

OSVDB - 42929

MISC - http://aluigi.altervista.org/adv/webcamxp-adv.txt


Last Updated: 27 May 2016 10:48:52