DVRemoteAx.ax 220.127.116.11 in the DVR Remote ActiveX control allows remote attackers to execute arbitrary code via a crafted DVRobot.dll file in a manifest directory on a web server.
DVR Remote ActiveX Control is prone to a vulnerability that lets attackers execute arbitrary code.An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.DVR Remote ActiveX Control 18.104.22.168 is vulnerable; other versions may also be affected.
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: firstname.lastname@example.org.
A general exploit technique has been documented by TheLeader and H.D. Moore for the Metasploit Project; please see the references for more information.