TRENDnet SecurView UltraMJCam ActiveX Control OpenFileDlg Method WideCharToMultiByte() Call Remote Overflow

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is affected by a
buffer overflow vulnerability.

Description :

The remote host has the TRENDnet SecurView UltraMJCam ActiveX control
installed. A stack-based buffer overflow can be triggered by providing
an overlong argument to the 'OpenFileDlg()' method. This is because
the method does not verify the size of the argument before calling
'WideCharToMultiByte()'.

By tricking a user into opening a specially crafted web page, a
remote, unauthenticated attacker could execute arbitrary code on the
remote host subject to the user's privileges.

See also :

http://retrogod.altervista.org/9sg_trendnet_adv.htm

Solution :

Remove or disable the control as fixes are not available.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.4
(CVSS2#E:POC/RL:U/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 58597 ()

Bugtraq ID: 52760

CVE ID: CVE-2012-4876

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now