Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 05/08/2011 Updated: 07/09/2011

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Multiple buffer overflows in the Provideo ActiveX controls allow remote malicious users to execute arbitrary code via crafted input fields, as demonstrated by (1) a long strIp argument to the voice method in 2way.dll in the alarm 1.0.3.1 ActiveX control, (2) a network response to AXPlayer.ocx in the GMAXPlayer 2.0.8.2 ActiveX control, the (3) UserName or (4) Password parameter to AXPlayer.ocx in the GMAXPlayer 2.0.8.2 ActiveX control, (5) a long Id parameter to the GetString method in PAxPlayer.ocx in the PAxPlayer 3.0.0.9 ActiveX control, or (6) a long strAdr parameter to the ConnectIPCam method in PAxPlayer.ocx in the PAxPlayer 3.0.0.9 ActiveX control.

Vulnerable Product	Search on Vulmon	Subscribe to Product
provideo paxplayer activex control 3.0.0.9
provideo gmax activex control 2.0.8.2
provideo alarm activex control 3.0.0.9

CWE-119 http://secunia.com/secunia_research/2011-56/http://secunia.com/secunia_research/2011-58/http://www.securityfocus.com/bid/48977 http://secunia.com/secunia_research/2011-57/http://osvdb.org/74310 http://osvdb.org/74311 http://osvdb.org/74312 http://osvdb.org/74313 http://osvdb.org/74314 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2011-2591

Vulnerability Summary

References

Vulmon Search

About

Products

Connect