CVE-2009-1092

EUVD-2009-1093
Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX control in LIVEAU~1.OCX 7.0 for GeoVision DVR systems allows remote attackers to execute arbitrary code by calling the GetAudioPlayingTime method with certain arguments.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
geovisionliveaudio_activex_control
7.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://retrogod.altervista.org/9sg_geovision_liveaudio_freedmem.html
http://www.securityfocus.com/archive/1/501773/100/0/threaded
http://www.securityfocus.com/bid/34115
https://exchange.xforce.ibmcloud.com/vulnerabilities/49238
https://www.exploit-db.com/exploits/8206
http://retrogod.altervista.org/9sg_geovision_liveaudio_freedmem.html
http://www.securityfocus.com/archive/1/501773/100/0/threaded
http://www.securityfocus.com/bid/34115
https://exchange.xforce.ibmcloud.com/vulnerabilities/49238
https://www.exploit-db.com/exploits/8206