Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2011-2591
Last Modified 06 Sep 2011 11:17:37
Published 05 Aug 2011 05:55:01
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2591

Summary

Multiple buffer overflows in the Provideo ActiveX controls allow remote attackers to execute arbitrary code via crafted input fields, as demonstrated by (1) a long strIp argument to the voice method in 2way.dll in the alarm 1.0.3.1 ActiveX control, (2) a network response to AXPlayer.ocx in the GMAXPlayer 2.0.8.2 ActiveX control, the (3) UserName or (4) Password parameter to AXPlayer.ocx in the GMAXPlayer 2.0.8.2 ActiveX control, (5) a long Id parameter to the GetString method in PAxPlayer.ocx in the PAxPlayer 3.0.0.9 ActiveX control, or (6) a long strAdr parameter to the ConnectIPCam method in PAxPlayer.ocx in the PAxPlayer 3.0.0.9 ActiveX control.

Vulnerable Systems

Application

  • Provideo Alarm Activex Control 3.0.0.9

  • Provideo Gmax Activex Control 2.0.8.2

  • Provideo Paxplayer Activex Control 3.0.0.9


References

BID - 48977

MISC - http://secunia.com/secunia_research/2011-58/

MISC - http://secunia.com/secunia_research/2011-57/

MISC - http://secunia.com/secunia_research/2011-56/

OSVDB - 74314

OSVDB - 74313

OSVDB - 74312

OSVDB - 74311

OSVDB - 74310


Last Updated: 27 May 2016 10:57:03