CVSS: 7.5EPSS: 71%CPEs: 1EXPL: 0CVE-2015-4647 – Panasonic Security API SDK Ipropsapi ActiveX Control FilePassword Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-4647
Multiple stack-based buffer overflows in Ipropsapi in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allow remote attackers to execute arbitrary code via a long string in the (1) FilePassword property or to the (2) GetStringInfo method. Múltiples desbordamientos de buffer basado en pila en Ipropsapi en Panasonic Security API (PS-API) ActiveX SDK anterior a 8.10.18 permiten a atacantes remotos ejecutar código arbitrario a través de una cadena larga en la (1) propiedad FilePassword o en el (2) método GetStringInfo. This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of the Panasonic Security API SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the FilePassword property. By setting FilePassword to a very large string, an attacker can cause a fixed-length stack buffer to overflow. • http://security.panasonic.com/pss/security/library/developer.html#SDK http://www.securityfocus.com/bid/75409 http://www.zerodayinitiative.com/advisories/ZDI-15-259 http://www.zerodayinitiative.com/advisories/ZDI-15-260 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 90%CPEs: 1EXPL: 0CVE-2015-4648 – Panasonic Security API SDK ipropsapivideo ActiveX Control MulticastAddr Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-4648
Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX control in ipropsapivideo in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allows remote attackers to execute arbitrary code via a long string to the MulticastAddr method. Desbordamiento de buffer basado en pila en el control de ActiveX Ipropsapi.ipropsapiCtrl.1 en ipropsapivideo en Panasonic Security API (PS-API) ActiveX SDK anterior a 8.10.18 permite a atacantes remotos ejecutar código arbitrario a través de una cadena larga en el método MulticastAddr. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Security API. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Ipropsapi.ipropsapiCtrl.1 ActiveX control. By passing an overly long string to the MulticastAddr method, an attacker can overflow a buffer on the stack. • http://security.panasonic.com/pss/security/library/developer.html#SDK http://www.securityfocus.com/bid/75405 http://www.zerodayinitiative.com/advisories/ZDI-15-261 • CWE-20: Improper Input Validation •