CVE-2007-3488
Sony Network Camera SNC-P5 1.0 - ActiveX viewer Heap Overflow (PoC)
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method.
Desbordamiento de búfer basado en pila en el control ActiveX view de Sony Network Camera SNC-P5 1.0 permite a atacantes remotos tener impacto desconocido mediante un primer argumento largo al método PrmSetNetworkParam.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-06-29 CVE Reserved
- 2007-06-29 CVE Published
- 2024-03-25 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://jvn.jp/en/jp/JVN16767117/041520/index.html | X_refsource_confirm | |
| http://jvn.jp/en/jp/JVN16767117/index.html | Third Party Advisory | |
| http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000012.html | Third Party Advisory | |
| http://osvdb.org/39479 | Vdb Entry | |
| http://pro.sony.com/bbsc/ssr/cat-securitycameras/resource.downloads.bbsccms-assets-cat-camsec-downloads-AffectedNetworkCameras.shtml | X_refsource_confirm | |
| http://www.securityfocus.com/bid/24684 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35133 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/4120 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sony Search vendor "Sony" | Sony Network Camera Snc-p5 Search vendor "Sony" for product "Sony Network Camera Snc-p5" | 1.0 Search vendor "Sony" for product "Sony Network Camera Snc-p5" and version "1.0" | - |
Affected
| ||||||