CVE-2014-8755 – Panasonic Network Camera View GetImageDataPrint Untrusted Pointer Dereference Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2014-8755

Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to "the ability to nullify an arbitrary address in memory." Panasonic Network Camera View 3 y 4 permite a atacantes remotos ejecutar código arbitrario a través de una página manipulada, lo que provoca una referencia a puntero inválida, relacionado con 'la habilidad de anular una dirección arbitraria en la memoria.' This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Network Camera View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the GetImageDataPrint method of the WebVideoCam ActiveX control. The issue lies in the ability to nullify an arbitrary address in memory. • http://security.panasonic.com/pss/security/library/howto_update_NCV.html http://www.zerodayinitiative.com/advisories/ZDI-14-364 • CWE-20: Improper Input Validation •