VAR-201210-0439
Vulnerability from variot - Updated: 2025-04-11 19:48Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string argument. The D-Link DCS-5605 is a webcam product for remote monitoring. When browsing the device WEB interface, the user will be asked to install the Active control to view the video stream content. The control contained in the DcsCliCtrl.dll uses the unsafe SelectDirectory() method. Since DcsCliCtrl.dll is called with an unsafe lstrcpyW() call, Special parameters trigger a stack-based buffer overflow. D-Link DCS-5605 PTZ is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code within the context of the application, typically Internet Explorer, that uses the ActiveX control. Failed exploit attempts will result in denial-of-service conditions. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Camera Stream Client ActiveX Control "SetDirectory()" Buffer Overflow
SECUNIA ADVISORY ID: SA48602
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48602/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48602
RELEASE DATE: 2012-03-29
DISCUSS ADVISORY: http://secunia.com/advisories/48602/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48602/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48602
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Andrea Micalizzi has discovered a vulnerability in Camera Stream Client ActiveX Control, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error when handling the "SetDirectory()" method and can be exploited to cause a stack-based buffer overflow by passing an overly long argument.
Successful exploitation allows execution of arbitrary code, but requires users to click "OK" to select a directory in the displayed "Browse for Folder" dialog box instead of "Cancel".
The vulnerability is confirmed in version 1.0.0.4519 bundled with DCS-5605 firmware 1.02 and version 1.0.0.4617 bundled with D-Link DCS-2102 firmware 1.05. Other versions may also be affected.
SOLUTION: Set the kill-bit for the affected ActiveX control.
PROVIDED AND/OR DISCOVERED BY: Andrea Micalizzi (rgod)
ORIGINAL ADVISORY: http://retrogod.altervista.org/9sg_dlink_adv.htm
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201210-0439",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dcs-5605 ptz ip network camera",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "camera stream client activex control",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.0.0.4519"
},
{
"model": "dcs-5605 ptz",
"scope": "eq",
"trust": 0.9,
"vendor": "d link",
"version": "0"
},
{
"model": "camera stream client activex control",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5605",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dcs-5605 ptz ip network camera",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "camera stream client activex control",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.0.0.4519"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-1651"
},
{
"db": "BID",
"id": "52769"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004767"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-543"
},
{
"db": "NVD",
"id": "CVE-2012-5306"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:d-link:camera_stream_client_activex_control",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:dcs-5605_ptz_ip_network_camera",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004767"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "rgod",
"sources": [
{
"db": "BID",
"id": "52769"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-543"
}
],
"trust": 0.9
},
"cve": "CVE-2012-5306",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2012-5306",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-58587",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-5306",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-5306",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-543",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-58587",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58587"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004767"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-543"
},
{
"db": "NVD",
"id": "CVE-2012-5306"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string argument. The D-Link DCS-5605 is a webcam product for remote monitoring. When browsing the device WEB interface, the user will be asked to install the Active control to view the video stream content. The control contained in the DcsCliCtrl.dll uses the unsafe SelectDirectory() method. Since DcsCliCtrl.dll is called with an unsafe lstrcpyW() call, Special parameters trigger a stack-based buffer overflow. D-Link DCS-5605 PTZ is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. \nAn attacker can exploit this issue to execute arbitrary code within the context of the application, typically Internet Explorer, that uses the ActiveX control. Failed exploit attempts will result in denial-of-service conditions. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R\u0026D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nCamera Stream Client ActiveX Control \"SetDirectory()\" Buffer Overflow\n\nSECUNIA ADVISORY ID:\nSA48602\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48602/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48602\n\nRELEASE DATE:\n2012-03-29\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48602/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48602/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48602\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nAndrea Micalizzi has discovered a vulnerability in Camera Stream\nClient ActiveX Control, which can be exploited by malicious people to\ncompromise a user\u0027s system. \n\nThe vulnerability is caused due to a boundary error when handling the\n\"SetDirectory()\" method and can be exploited to cause a stack-based\nbuffer overflow by passing an overly long argument. \n\nSuccessful exploitation allows execution of arbitrary code, but\nrequires users to click \"OK\" to select a directory in the displayed\n\"Browse for Folder\" dialog box instead of \"Cancel\". \n\nThe vulnerability is confirmed in version 1.0.0.4519 bundled with\nDCS-5605 firmware 1.02 and version 1.0.0.4617 bundled with D-Link\nDCS-2102 firmware 1.05. Other versions may also be affected. \n\nSOLUTION:\nSet the kill-bit for the affected ActiveX control. \n\nPROVIDED AND/OR DISCOVERED BY:\nAndrea Micalizzi (rgod)\n\nORIGINAL ADVISORY:\nhttp://retrogod.altervista.org/9sg_dlink_adv.htm\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-5306"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004767"
},
{
"db": "CNVD",
"id": "CNVD-2012-1651"
},
{
"db": "BID",
"id": "52769"
},
{
"db": "VULHUB",
"id": "VHN-58587"
},
{
"db": "PACKETSTORM",
"id": "111380"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-58587",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58587"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-5306",
"trust": 2.9
},
{
"db": "BID",
"id": "52769",
"trust": 2.6
},
{
"db": "SECUNIA",
"id": "48602",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "18673",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "80663",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004767",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201203-543",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2012-1651",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-72731",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-58587",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111380",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2012-1651"
},
{
"db": "VULHUB",
"id": "VHN-58587"
},
{
"db": "BID",
"id": "52769"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004767"
},
{
"db": "PACKETSTORM",
"id": "111380"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-543"
},
{
"db": "NVD",
"id": "CVE-2012-5306"
}
]
},
"id": "VAR-201210-0439",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2012-1651"
},
{
"db": "VULHUB",
"id": "VHN-58587"
}
],
"trust": 1.55
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"camera device"
],
"sub_category": "IP camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2012-1651"
}
]
},
"last_update_date": "2025-04-11T19:48:22.058000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DCS-5605",
"trust": 0.8,
"url": "http://www.dlink.com/us/en/business-solutions/ip-surveillance/business-ip-cameras/ptz-cameras/dcs-5605-securicam-h-264-ptz-network-camera"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004767"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58587"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004767"
},
{
"db": "NVD",
"id": "CVE-2012-5306"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/52769"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0154.html"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/18673"
},
{
"trust": 1.7,
"url": "http://osvdb.org/80663"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/48602"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74447"
},
{
"trust": 1.0,
"url": "http://retrogod.altervista.org/9sg_dlink_adv.htm"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5306"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5306"
},
{
"trust": 0.3,
"url": "http://www.d-link.com"
},
{
"trust": 0.3,
"url": "http://www.d-link.com/products/?pid=771"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48602"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48602/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48602/"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2012-1651"
},
{
"db": "VULHUB",
"id": "VHN-58587"
},
{
"db": "BID",
"id": "52769"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004767"
},
{
"db": "PACKETSTORM",
"id": "111380"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-543"
},
{
"db": "NVD",
"id": "CVE-2012-5306"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2012-1651"
},
{
"db": "VULHUB",
"id": "VHN-58587"
},
{
"db": "BID",
"id": "52769"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004767"
},
{
"db": "PACKETSTORM",
"id": "111380"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-543"
},
{
"db": "NVD",
"id": "CVE-2012-5306"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-1651"
},
{
"date": "2012-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-58587"
},
{
"date": "2012-03-28T00:00:00",
"db": "BID",
"id": "52769"
},
{
"date": "2012-10-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004767"
},
{
"date": "2012-03-30T01:49:18",
"db": "PACKETSTORM",
"id": "111380"
},
{
"date": "2012-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-543"
},
{
"date": "2012-10-06T22:55:02.307000",
"db": "NVD",
"id": "CVE-2012-5306"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-1651"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-58587"
},
{
"date": "2012-10-10T18:10:00",
"db": "BID",
"id": "52769"
},
{
"date": "2012-10-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004767"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-543"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-5306"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-543"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DCS-5605 PTZ ActiveX Control \u0027SelectDirectory()\u0027 Method Buffer Overflow Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-1651"
},
{
"db": "BID",
"id": "52769"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-543"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…