CVE-2011-2591

Multiple buffer overflows in the Provideo ActiveX controls allow remote attackers to execute arbitrary code via crafted input fields, as demonstrated by (1) a long strIp argument to the voice method in 2way.dll in the alarm 1.0.3.1 ActiveX control, (2) a network response to AXPlayer.ocx in the GMAXPlayer 2.0.8.2 ActiveX control, the (3) UserName or (4) Password parameter to AXPlayer.ocx in the GMAXPlayer 2.0.8.2 ActiveX control, (5) a long Id parameter to the GetString method in PAxPlayer.ocx in the PAxPlayer 3.0.0.9 ActiveX control, or (6) a long strAdr parameter to the ConnectIPCam method in PAxPlayer.ocx in the PAxPlayer 3.0.0.9 ActiveX control.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:provideo:paxplayer_activex_control:3.0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:provideo:gmax_activex_control:2.0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:provideo:alarm_activex_control:3.0.0.9:*:*:*:*:*:*:*

Information

Published : 2011-08-05 14:55

Updated : 2011-09-06 20:17


NVD link : CVE-2011-2591

Mitre link : CVE-2011-2591


JSON object : View

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

dedicated server usa

Products Affected

provideo

  • alarm_activex_control
  • paxplayer_activex_control
  • gmax_activex_control