Vulnerabilities > CVE-2007-2239 - Remote Buffer Overflow vulnerability in Axis Camera Control ActiveX Control AxisCamControl.OCX
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument.
Vulnerable Configurations
Nessus
| NASL family | Windows |
| NASL id | AXIS_CAMIMAGE_SAVEBMP_OVERFLOW.NASL |
| description | The remote host contains a version of the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 25161 |
| published | 2007-05-08 |
| reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/25161 |
| title | AXIS Camera Control (aka CamImage) AxisCamControl.ocx ActiveX SaveBMP Method Overflow |
References
- http://osvdb.org/35602
- http://secunia.com/advisories/25093
- http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdf
- http://www.kb.cert.org/vuls/id/355809
- http://www.securityfocus.com/bid/23816
- http://www.vupen.com/english/advisories/2007/1663
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34133