Sign-up

ID

VAR-200705-0167


CVE

CVE-2007-2239


TITLE

Axis Communications CamImage ActiveX control stack buffer overflow

Trust: 0.8

sources: CERT/CC: VU#355809

DESCRIPTION

Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument. Axis Camera Control is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Axis Camera Control versions prior to 2.40.0.0 are vulnerable to this issue. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. Join the FREE BETA test of the Network Software Inspector (NSI)! http://secunia.com/network_software_inspector/ The NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. The vulnerability is caused due to a boundary error when handling the "SaveBMP()" method and can be exploited to cause a stack-based buffer overflow via an overly long argument. Successful exploitation allows execution of arbitrary code. SOLUTION: Update to version 2.40.0.0 or later. http://www.axis.com/techsup/software/acc/files/AXISCameraControl.zip PROVIDED AND/OR DISCOVERED BY: Will Dormann, CERT/CC. ORIGINAL ADVISORY: Axis Communications: http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdf US-CERT VU#355809: http://www.kb.cert.org/vuls/id/355809 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2007-2239 // CERT/CC: VU#355809 // JVNDB: JVNDB-2007-001883 // BID: 23816 // VULHUB: VHN-25601 // PACKETSTORM: 56473

AFFECTED PRODUCTS

vendor:axismodel:2120 network camerascope:lteversion:2.39

Trust: 1.0

vendor:axismodel:2420 network camerascope:lteversion:2.39

Trust: 1.0

vendor:axismodel:2100 network camerascope:lteversion:2.39

Trust: 1.0

vendor:axismodel:2130 ptz network camerascope:lteversion:2.39

Trust: 1.0

vendor:axismodel:2401 video serverscope:lteversion:2.39

Trust: 1.0

vendor:axismodel:panorama ptz camerascope:lteversion:2.39

Trust: 1.0

vendor:axismodel:2110 network camerascope:lteversion:2.39

Trust: 1.0

vendor:axismodel:2411 video serverscope:lteversion:2.39

Trust: 1.0

vendor:axismodel:2400 video serverscope:lteversion:2.39

Trust: 1.0

vendor:axismodel:2420-ir network camerascope:lteversion:2.39

Trust: 1.0

vendor:axismodel: - scope: - version: -

Trust: 0.8

vendor:axismodel:2100 network camerascope:ltversion:2.40.0.0

Trust: 0.8

vendor:axismodel:2110 network camerascope:ltversion:2.40.0.0

Trust: 0.8

vendor:axismodel:2120 network camerascope:ltversion:2.40.0.0

Trust: 0.8

vendor:axismodel:2130 ptz network camerascope:ltversion:2.40.0.0

Trust: 0.8

vendor:axismodel:2400 video serverscope:ltversion:2.40.0.0

Trust: 0.8

vendor:axismodel:2401 video serverscope:ltversion:2.40.0.0

Trust: 0.8

vendor:axismodel:2411 video serverscope:ltversion:2.40.0.0

Trust: 0.8

vendor:axismodel:2420 network camerascope:ltversion:2.40.0.0

Trust: 0.8

vendor:axismodel:2420-ir network camerascope:ltversion:2.40.0.0

Trust: 0.8

vendor:axismodel:panorama ptz camerascope:ltversion:2.40.0.0

Trust: 0.8

vendor:axismodel:2130 ptz network camerascope:eqversion:2.39

Trust: 0.6

vendor:axismodel:2401 video serverscope:eqversion:2.39

Trust: 0.6

vendor:axismodel:2120 network camerascope:eqversion:2.39

Trust: 0.6

vendor:axismodel:panorama ptz camerascope:eqversion:2.39

Trust: 0.6

vendor:axismodel:2411 video serverscope:eqversion:2.39

Trust: 0.6

vendor:axismodel:2100 network camerascope:eqversion:2.39

Trust: 0.6

vendor:axismodel:2420 network camerascope:eqversion:2.39

Trust: 0.6

vendor:axismodel:2420-ir network camerascope:eqversion:2.39

Trust: 0.6

vendor:axismodel:2400 video serverscope:eqversion:2.39

Trust: 0.6

vendor:axismodel:2110 network camerascope:eqversion:2.39

Trust: 0.6

vendor:axismodel:communications camera controlscope:eqversion:0

Trust: 0.3

vendor:axismodel:communications camera controlscope:neversion:2.40.0

Trust: 0.3

sources: CERT/CC: VU#355809 // BID: 23816 // JVNDB: JVNDB-2007-001883 // CNNVD: CNNVD-200705-093 // NVD: CVE-2007-2239

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-2239
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#355809
value: 7.75

Trust: 0.8

NVD: CVE-2007-2239
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200705-093
value: CRITICAL

Trust: 0.6

VULHUB: VHN-25601
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-2239
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-25601
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#355809 // VULHUB: VHN-25601 // JVNDB: JVNDB-2007-001883 // CNNVD: CNNVD-200705-093 // NVD: CVE-2007-2239

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-2239

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200705-093

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200705-093

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-001883

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-25601

PATCH
title:Top Pageurl:http://www.axis.com/techsup/software/acc/index.htm
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-001883

EXTERNAL IDS
db:CERT/CCid:VU#355809
Trust: 3.7
db:NVDid:CVE-2007-2239
Trust: 2.8
db:SECUNIAid:25093
Trust: 2.7
db:BIDid:23816
Trust: 2.0
db:OSVDBid:35602
Trust: 1.7
db:VUPENid:ADV-2007-1663
Trust: 1.7
db:JVNDBid:JVNDB-2007-001883
Trust: 0.8
db:CNNVDid:CNNVD-200705-093
Trust: 0.7
db:XFid:34133
Trust: 0.6
db:EXPLOIT-DBid:4143
Trust: 0.1
db:VULHUBid:VHN-25601
Trust: 0.1
db:PACKETSTORMid:56473
Trust: 0.1
sources:
            
            
            CERT/CC: VU#355809 // 
            
            
            
            VULHUB: VHN-25601 // 
            
            
            
            BID: 23816 // 
            
            
            
            JVNDB: JVNDB-2007-001883 // 
            
            
            
            PACKETSTORM: 56473 // 
            
            
            
            CNNVD: CNNVD-200705-093 // 
            
            
            
            NVD: CVE-2007-2239

REFERENCES
url:http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdf
Trust: 2.9
url:http://www.kb.cert.org/vuls/id/355809
Trust: 2.9
url:http://secunia.com/advisories/25093/
Trust: 1.7
url:http://www.securityfocus.com/bid/23816
Trust: 1.7
url:http://osvdb.org/35602
Trust: 1.7
url:http://secunia.com/advisories/25093
Trust: 1.7
url:http://support.microsoft.com/kb/240797
Trust: 1.1
url:http://www.vupen.com/english/advisories/2007/1663
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/34133
Trust: 1.1
url:http://www.axis.com/techsup/software/acc/index.htm
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2239
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2239
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/34133
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2007/1663
Trust: 0.6
url:http://www.se.axis.com/techsup/cdsrv/storpoint_cd/index.html
Trust: 0.3
url:http://www.axis.com/products/camera_servers/index.htm
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/network_software_inspector/
Trust: 0.1
url:http://www.axis.com/techsup/software/acc/files/axiscameracontrol.zip
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/product/14131/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CERT/CC: VU#355809 // 
            
            
            
            VULHUB: VHN-25601 // 
            
            
            
            BID: 23816 // 
            
            
            
            JVNDB: JVNDB-2007-001883 // 
            
            
            
            PACKETSTORM: 56473 // 
            
            
            
            CNNVD: CNNVD-200705-093 // 
            
            
            
            NVD: CVE-2007-2239

CREDITS
Will Dormann of CERT/CC discovered this issue.
Trust: 0.9
sources:
            
            
            BID: 23816 // 
            
            
            
            CNNVD: CNNVD-200705-093

SOURCES
db:CERT/CCid:VU#355809
db:VULHUBid:VHN-25601
db:BIDid:23816
db:JVNDBid:JVNDB-2007-001883
db:PACKETSTORMid:56473
db:CNNVDid:CNNVD-200705-093
db:NVDid:CVE-2007-2239

LAST UPDATE DATE
2024-11-23T22:24:13.848000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#355809date:2007-06-14T00:00:00
db:VULHUBid:VHN-25601date:2017-07-29T00:00:00
db:BIDid:23816date:2007-07-03T22:37:00
db:JVNDBid:JVNDB-2007-001883date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200705-093date:2007-05-14T00:00:00
db:NVDid:CVE-2007-2239date:2024-11-21T00:30:16.383

SOURCES RELEASE DATE
db:CERT/CCid:VU#355809date:2007-05-04T00:00:00
db:VULHUBid:VHN-25601date:2007-05-07T00:00:00
db:BIDid:23816date:2007-05-04T00:00:00
db:JVNDBid:JVNDB-2007-001883date:2012-06-26T00:00:00
db:PACKETSTORMid:56473date:2007-05-04T15:30:32
db:CNNVDid:CNNVD-200705-093date:2007-05-07T00:00:00
db:NVDid:CVE-2007-2239date:2007-05-07T19:19:00