• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Various IP Security Camera ActiveX Controls 'url' Attribute Buffer Overflow Vulnerability

Various IP Security Camera ActiveX controls are prone to a remote buffer-overflow vulnerability because the applications fail to properly bounds-check user-supplied data before copying it into insufficiently sized memory buffers.

Exploiting this issue may allow remote attackers to execute arbitrary code in the context of applications that use the affected ActiveX control (typically Internet Explorer) and to compromise affected computers. Failed attempts will likely result in denial-of-service conditions.

This issue affects the following ActiveX controls:

D-Link MPEG4 SHM Audio Control ('VAPGDecoder.dll') 1.7.0.5.
4XEM VatCtrl Class ('VATDecoder.dll') 1.0.0.51.
Vivotek RTSP MPEG4 SP Control ('RtspVapgDecoderNew.dll') 2.0.0.39.

UPDATE (March 25, 2008): D-Link MPEG4 SHM Audio Control ('VAPGDecoder.dll') 1.7.0.5 identified by CLSID: A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C is being actively exploited in the wild.