VAR-201412-0683
Vulnerability from variot - Updated: 2022-10-19 22:41IPUX is a provider of network monitoring solutions. Multiple IPUX network cameras (IPUX ICL5132 and ICL5452) have buffer overflows in their implementation. An attacker could exploit this vulnerability to execute arbitrary code in the context of an affected system. IPUX IP Camera is a webcam device. IPUX IP Camera UltraSVCam ActiveX space 'UltraSVCamX.ocx' has a buffer overflow vulnerability that can cause memory corruption when a large number of bytes are passed to multiple functions in UltraSVCamLib, causing an application to crash or execute arbitrary code. Multiple IPUX IP Camera products are prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will likely result in denial-of-service conditions.
IPUX ICL5132 and ICL5452 are vulnerable. The device is H.264 Wired/Wireless IP Camera with 1.3 Mega-pixel sensor.With high performance H.264 video compression, the file size of video stream isextremely reduced, as to optimize the network bandwidth efficiency. It has fullPan/Tilt function and 3X digital zoom feature for a larger space monitoring. Thebuilt-in USB port provides a convenient and portable storage option for local storageof event and schedule recording, especially network disconnected.The UltraSVCam ActiveX Control 'UltraSVCamX.ocx' suffers from a stack bufferoverflow vulnerability when parsing large amount of bytes to several functions inUltraSVCamLib, resulting in memory corruption overwriting several registers includingthe SEH. An attacker can gain access to the system of the affected node and executearbitrary code.
--------------------------------------------------------------------------------(3ef0.3e0c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Windows\Downloaded Program Files\UltraSVCamX.ocx -
eax=41414149 ebx=00000001 ecx=00003e0c edx=02163f74 esi=41414141 edi=02163f74
eip=77e8466c esp=003eef8c ebp=003eefc0 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
ntdll!RtlDeleteCriticalSection+0x77:
77e8466c 833800 cmp dword ptr [eax],0 ds:002b:41414149=????????
--------------------------------------------------------------------------------
Tested on: Microsoft Windows 7 Professional SP1 (EN)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0683",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ip camera icl5452",
"scope": null,
"trust": 0.6,
"vendor": "ipux",
"version": null
},
{
"model": "ip camera icl5132",
"scope": null,
"trust": 0.6,
"vendor": "ipux",
"version": null
},
{
"model": "ip camera",
"scope": null,
"trust": 0.6,
"vendor": "ipux",
"version": null
},
{
"model": "ipux cl",
"scope": "eq",
"trust": 0.1,
"vendor": "big good holdings",
"version": "bullet type icl5132 (firmware: icl5132 2.0.0-2 20130730 r1112)"
},
{
"model": "ipux cl",
"scope": "eq",
"trust": 0.1,
"vendor": "big good holdings",
"version": "bullet type icl5452"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5213"
},
{
"db": "CNVD",
"id": "CNVD-2014-08799"
},
{
"db": "CNVD",
"id": "CNVD-2014-08748"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LiquidWorm",
"sources": [
{
"db": "BID",
"id": "71403"
},
{
"db": "BID",
"id": "71405"
}
],
"trust": 0.6
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-08799",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-08748",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2014-08799",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-08748",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "ZSL",
"id": "ZSL-2014-5213",
"trust": 0.1,
"value": "(4/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5213"
},
{
"db": "CNVD",
"id": "CNVD-2014-08799"
},
{
"db": "CNVD",
"id": "CNVD-2014-08748"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IPUX is a provider of network monitoring solutions. Multiple IPUX network cameras (IPUX ICL5132 and ICL5452) have buffer overflows in their implementation. An attacker could exploit this vulnerability to execute arbitrary code in the context of an affected system. IPUX IP Camera is a webcam device. IPUX IP Camera UltraSVCam ActiveX space \u0027UltraSVCamX.ocx\u0027 has a buffer overflow vulnerability that can cause memory corruption when a large number of bytes are passed to multiple functions in UltraSVCamLib, causing an application to crash or execute arbitrary code. Multiple IPUX IP Camera products are prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will likely result in denial-of-service conditions. \nIPUX ICL5132 and ICL5452 are vulnerable. The device is H.264 Wired/Wireless IP Camera with 1.3 Mega-pixel sensor.With high performance H.264 video compression, the file size of video stream isextremely reduced, as to optimize the network bandwidth efficiency. It has fullPan/Tilt function and 3X digital zoom feature for a larger space monitoring. Thebuilt-in USB port provides a convenient and portable storage option for local storageof event and schedule recording, especially network disconnected.The UltraSVCam ActiveX Control \u0027UltraSVCamX.ocx\u0027 suffers from a stack bufferoverflow vulnerability when parsing large amount of bytes to several functions inUltraSVCamLib, resulting in memory corruption overwriting several registers includingthe SEH. An attacker can gain access to the system of the affected node and executearbitrary code.\u003cbr/\u003e\u003cbr/\u003e--------------------------------------------------------------------------------\u003cbr/\u003e\u003cbr/\u003e\u003ccode\u003e(3ef0.3e0c): Access violation - code c0000005 (first chance)\u003cbr/\u003eFirst chance exceptions are reported before any exception handling.\u003cbr/\u003eThis exception may be expected and handled.\u003cbr/\u003e*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\\Windows\\Downloaded Program Files\\UltraSVCamX.ocx - \u003cbr/\u003eeax=41414149 ebx=00000001 ecx=00003e0c edx=02163f74 esi=41414141 edi=02163f74\u003cbr/\u003eeip=77e8466c esp=003eef8c ebp=003eefc0 iopl=0 nv up ei pl zr na pe nc\u003cbr/\u003ecs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246\u003cbr/\u003entdll!RtlDeleteCriticalSection+0x77:\u003cbr/\u003e77e8466c 833800 cmp dword ptr [eax],0 ds:002b:41414149=????????\u003cbr/\u003e\u003c/code\u003e\u003cbr/\u003e\t--------------------------------------------------------------------------------\u003cbr/\u003e\u003cbr/\u003eTested on: Microsoft Windows 7 Professional SP1 (EN)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08799"
},
{
"db": "CNVD",
"id": "CNVD-2014-08748"
},
{
"db": "BID",
"id": "71403"
},
{
"db": "BID",
"id": "71405"
},
{
"db": "ZSL",
"id": "ZSL-2014-5213"
}
],
"trust": 1.71
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "http://www.fitivision.com",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5213"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "71405",
"trust": 1.0
},
{
"db": "BID",
"id": "71403",
"trust": 1.0
},
{
"db": "ZSL",
"id": "ZSL-2014-5213",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-08799",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2014-08748",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "129346",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "35421",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2014120006",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "115369",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5213"
},
{
"db": "CNVD",
"id": "CNVD-2014-08799"
},
{
"db": "CNVD",
"id": "CNVD-2014-08748"
},
{
"db": "BID",
"id": "71403"
},
{
"db": "BID",
"id": "71405"
}
]
},
"id": "VAR-201412-0683",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08799"
},
{
"db": "CNVD",
"id": "CNVD-2014-08748"
}
],
"trust": 2.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08799"
},
{
"db": "CNVD",
"id": "CNVD-2014-08748"
}
]
},
"last_update_date": "2022-10-19T22:41:31.097000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.7,
"url": "http://www.securityfocus.com/bid/71403"
},
{
"trust": 0.6,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2014-5213.php"
},
{
"trust": 0.1,
"url": "http://packetstormsecurity.com/files/129346"
},
{
"trust": 0.1,
"url": "http://cxsecurity.com/issue/wlb-2014120006"
},
{
"trust": 0.1,
"url": "http://www.exploit-db.com/exploits/35421/"
},
{
"trust": 0.1,
"url": "http://www.securityfocus.com/bid/71405"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/115369"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5213"
},
{
"db": "CNVD",
"id": "CNVD-2014-08799"
},
{
"db": "CNVD",
"id": "CNVD-2014-08748"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2014-5213"
},
{
"db": "CNVD",
"id": "CNVD-2014-08799"
},
{
"db": "CNVD",
"id": "CNVD-2014-08748"
},
{
"db": "BID",
"id": "71403"
},
{
"db": "BID",
"id": "71405"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-02T00:00:00",
"db": "ZSL",
"id": "ZSL-2014-5213"
},
{
"date": "2014-12-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08799"
},
{
"date": "2014-12-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08748"
},
{
"date": "2014-12-02T00:00:00",
"db": "BID",
"id": "71403"
},
{
"date": "2014-12-02T00:00:00",
"db": "BID",
"id": "71405"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-06T00:00:00",
"db": "ZSL",
"id": "ZSL-2014-5213"
},
{
"date": "2014-12-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08799"
},
{
"date": "2014-12-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08748"
},
{
"date": "2014-12-02T00:00:00",
"db": "BID",
"id": "71403"
},
{
"date": "2014-12-02T00:00:00",
"db": "BID",
"id": "71405"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "71403"
},
{
"db": "BID",
"id": "71405"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer Overflow Vulnerability in Multiple IPUX Network Cameras \u0027UltraSVCamX.ocx\u0027",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08799"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "71403"
},
{
"db": "BID",
"id": "71405"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…