CVE-2012-0284
Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT - ActiveX Control PlayerPT.ocx sprintf Buffer Overflow (PoC)
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attackers to execute arbitrary code via a long URL in the first argument (aka the sURL argument).
Un desbordamiento de búfer basado en pila en el método SetSource en el control ActiveX Cisco Linksys PlayerPT v1.0.0.15 en PlayerPT.ocx en la cámara de vídeo de Internet Cisco WVC200 Wireless-G PTZ, permite a atacantes remotos ejecutar código de su elección a través de una URL demasiado larga en el primer argumento (argumento sURL).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-12-30 CVE Reserved
- 2012-03-22 First Exploit
- 2012-07-17 CVE Published
- 2024-06-14 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2012-07/0113.html | Broken Link | |
| http://www.securityfocus.com/bid/54588 | Third Party Advisory | |
| http://www.securitytracker.com/id?1027259 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/77085 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/18641 | 2012-03-22 | |
| https://www.exploit-db.com/exploits/20202 | 2012-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/secunia_research/2012-25 | 2017-08-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Linksys Playerpt Activex Control Search vendor "Cisco" for product "Linksys Playerpt Activex Control" | 1.0.0.15 Search vendor "Cisco" for product "Linksys Playerpt Activex Control" and version "1.0.0.15" | - |
Affected
| in | Cisco Search vendor "Cisco" | Wvc200 Wireless-g Ptz Internet Video Camera Search vendor "Cisco" for product "Wvc200 Wireless-g Ptz Internet Video Camera" | * | - |
Safe
|