OSVDB ID: 80661

Title: TRENDnet SecurView TV-IP121WN ActiveX (UltraMJCamX.ocx) OpenFileDlg Method WideCharToMultiByte() Call Remote Overflow

Info

Disclosure

Mar 29, 2012

Discovery

Unknown

Dates

Exploit

Mar 28, 2012

Solution

Unknown

Description

SecurView is prone to an overflow condition related to the UltraMJCamX.ocx ActiveX control making an insecure WideCharToMultiByte() call. The 'OpenFileDlg()' method fails to properly sanitize user-supplied input resulting in a stack-based overflow. With a specially crafted overly long string, a remote attacker can potentially execute arbitrary code.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

TRENDnet

SecurView

v1.0R

References

Exploit Database: 18675 18709
CVE ID: 2012-4876 (see also: NVD)
Secunia Advisory ID: 48601
Bugtraq ID: 52760
Metasploit ID: 80661
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2012-03/0152.html
Packet Storm: http://packetstormsecurity.org/files/111311/TRENDnet-SecurView-TV-IP121WN-Wireless-Internet-Camera-UltraMJCam-Buffer-Overflow.html
http://packetstormsecurity.org/files/111649/TRENDnet-SecurView-Internet-Camera-UltraMJCam-OpenFileDlg-Buffer-Overflow.html
Other Advisory URL: http://retrogod.altervista.org/9sg_trendnet_adv.htm
Vendor URL: http://www.trendnet.com/store/products/proddetail.asp?prod=175_TV-IP121WN&cat=151

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/80661