Full Disclosure mailing list archives
Re: Secunia Research: AXIS Camera Control"image_pan_tilt" Property Buffer Overflow
From: "Castigliola, Angelo" <ACastigliola () UNUM COM>
Date: Fri, 23 Jan 2009 10:46:48 -0500
There seems to be a lot of security problems with these camera systems being configured incorrectly by vendors setting them up for mom and pop shops and home users. It would be interesting to start looking into this particular problem more closely since nearly all of the camera systems have a web service front end and the manufactures are normally slow to patch and retro-patching camera systems that have already been deployed is rare. I'm considering creating a website to start listing these systems out along with any default logins, google searches, and of course remote and local exploits. I would imagine a lot of the web services are vulnerable to XSS techniques. The mail goal would be to establish a process for responsible disclosure to vendors and customers\public for these types of poorly secured systems. I would appreciate any information anyone may have handy. Send me an email offline. Thanks in advance, Angelo Castigliola III EISRM - Application Security Architecture Unum acastigliola () unum com -----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of M.B.Jr. Sent: Friday, January 23, 2009 9:33 AM To: Secunia Research Cc: full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] Secunia Research: AXIS Camera Control"image_pan_tilt" Property Buffer Overflow So, concerning the exploitation achievement, which would be the worst consequence, forget about that heap memory overflow and just worry about tricking the user into loading malicious web content. Easier, huh? On Fri, Jan 23, 2009 at 6:59 AM, Secunia Research <remove-vuln () secunia com> wrote:
====================================================================== Secunia Research 23/01/2009 - AXIS Camera Control "image_pan_tilt" Property Buffer Overflow - ====================================================================== ====================================================================== 4) Description of Vulnerability The vulnerability is caused due to a boundary error in the CamImage.CamImage.1 ActiveX control (AxisCamControl.ocx) and can be exploited to cause a heap-based buffer overflow by assigning an overly long string to the "image_pan_tilt" property. Successful exploitation allows execution of arbitrary code, but requires that the user is tricked into visiting and clicking a malicious web page. ======================================================================
-- Marcio Barbado, Jr. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Secunia Research: AXIS Camera Control "image_pan_tilt" Property Buffer Overflow Secunia Research (Jan 23)
- Re: Secunia Research: AXIS Camera Control "image_pan_tilt" Property Buffer Overflow The Security Community (Jan 23)
- Re: Secunia Research: AXIS Camera Control "image_pan_tilt" Property Buffer Overflow M.B.Jr. (Jan 23)
- Re: Secunia Research: AXIS Camera Control"image_pan_tilt" Property Buffer Overflow Castigliola, Angelo (Jan 23)