Re: Secunia Research: AXIS Camera Control"image_pan_tilt" Property Buffer Overflow

["Castigliola, Angelo" <ACastigliola () UNUM COM>]

There seems to be a lot of security problems with these camera systems
being configured incorrectly by vendors setting them up for mom and pop
shops and home users. It would be interesting to start looking into this
particular problem more closely since nearly all of the camera systems
have a web service front end and the manufactures are normally slow to
patch and retro-patching camera systems that have already been deployed
is rare.

I'm considering creating a website to start listing these systems out
along with any default logins, google searches, and of course remote and
local exploits. I would imagine a lot of the web services are vulnerable
to XSS techniques. The mail goal would be to establish a process for
responsible disclosure to vendors and customers\public for these types
of poorly secured systems.

I would appreciate any information anyone may have handy. Send me an
email offline.

Thanks in advance,
Angelo Castigliola III
EISRM - Application Security Architecture
Unum
acastigliola () unum com


-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of M.B.Jr.
Sent: Friday, January 23, 2009 9:33 AM
To: Secunia Research
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Secunia Research: AXIS Camera
Control"image_pan_tilt" Property Buffer Overflow

So, concerning the exploitation achievement, which would be the worst
consequence,
forget about that heap memory overflow and just worry about tricking
the user into loading malicious web content.

Easier, huh?





On Fri, Jan 23, 2009 at 6:59 AM, Secunia Research
<remove-vuln () secunia com> wrote:
> ======================================================================
>
>                     Secunia Research 23/01/2009
>
>   - AXIS Camera Control "image_pan_tilt" Property Buffer Overflow -
>
> ======================================================================
> ======================================================================
> 4) Description of Vulnerability
>
> The vulnerability is caused due to a boundary error in the
> CamImage.CamImage.1 ActiveX control (AxisCamControl.ocx) and can be
> exploited to cause a heap-based buffer overflow by assigning an overly
> long string to the "image_pan_tilt" property.
>
> Successful exploitation allows execution of arbitrary code, but
> requires that the user is tricked into visiting and clicking a
> malicious web page.
>
> ======================================================================



-- 
Marcio Barbado, Jr.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/