CVE-2011-2591

05.08.2011, 21:55

Multiple buffer overflows in the Provideo ActiveX controls allow remote attackers to execute arbitrary code via crafted input fields, as demonstrated by (1) a long strIp argument to the voice method in 2way.dll in the alarm 1.0.3.1 ActiveX control, (2) a network response to AXPlayer.ocx in the GMAXPlayer 2.0.8.2 ActiveX control, the (3) UserName or (4) Password parameter to AXPlayer.ocx in the GMAXPlayer 2.0.8.2 ActiveX control, (5) a long Id parameter to the GetString method in PAxPlayer.ocx in the PAxPlayer 3.0.0.9 ActiveX control, or (6) a long strAdr parameter to the ConnectIPCam method in PAxPlayer.ocx in the PAxPlayer 3.0.0.9 ActiveX control.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:C/I:C/A:C
flexera	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 94%

Vendor	Product	Version
provideo	alarm_activex_control	3.0.0.9
provideo	gmax_activex_control	2.0.8.2
provideo	paxplayer_activex_control	3.0.0.9

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://osvdb.org/74310

http://osvdb.org/74311

http://osvdb.org/74312

http://osvdb.org/74313

http://osvdb.org/74314

http://secunia.com/secunia_research/2011-56/

http://secunia.com/secunia_research/2011-57/

http://secunia.com/secunia_research/2011-58/

http://www.securityfocus.com/bid/48977

http://osvdb.org/74310

http://osvdb.org/74311

http://osvdb.org/74312

http://osvdb.org/74313

http://osvdb.org/74314

http://secunia.com/secunia_research/2011-56/

http://secunia.com/secunia_research/2011-57/

http://secunia.com/secunia_research/2011-58/

http://www.securityfocus.com/bid/48977