CVE-2012-0284 – Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT - ActiveX Control PlayerPT.ocx sprintf Buffer Overflow (PoC)

https://notcve.org/view.php?id=CVE-2012-0284

Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attackers to execute arbitrary code via a long URL in the first argument (aka the sURL argument). Un desbordamiento de búfer basado en pila en el método SetSource en el control ActiveX Cisco Linksys PlayerPT v1.0.0.15 en PlayerPT.ocx en la cámara de vídeo de Internet Cisco WVC200 Wireless-G PTZ, permite a atacantes remotos ejecutar código de su elección a través de una URL demasiado larga en el primer argumento (argumento sURL). • https://www.exploit-db.com/exploits/18641 https://www.exploit-db.com/exploits/20202 http://archives.neohapsis.com/archives/bugtraq/2012-07/0113.html http://secunia.com/secunia_research/2012-25 http://www.securityfocus.com/bid/54588 http://www.securitytracker.com/id?1027259 https://exchange.xforce.ibmcloud.com/vulnerabilities/77085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •