EvoCam 3.6.6 / 3.6.7 Web Server GET Request Overflow

Nessus Plugin ID 47682 (Severity: High)


Synopsis

The remote host has an application that may be susceptible to a remote buffer overflow attack.


Description

The version of EvoCam installed on the Mac OS X host is either 3.6.6 or 3.6.7. Such versions reportedly contain a buffer overflow in the Web Server component.

Using an overly long GET request, an unauthenticated remote attacker may be able to leverage this vulnerability to execute arbitrary code on the remote host, subject to the privileges under which the application runs.


Solution

Upgrade to EvoCam 3.6.8 or later.

Plugin Details

Severity: High

ID: 47682

File Name: macosx_evocam_3_6_8.nasl

Version: 1.9

Type: local

Agent: macosx

Published: 2010/07/08

Modified: 2017/05/30

Dependencies: 10107, 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

Required KB Items: Host/MacOSX/packages

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/06/02

Vulnerability Publication Date: 2010/06/01

Exploitable With


Core Impact

Metasploit (MacOS X EvoCam HTTP GET Buffer Overflow)

Reference Information

CVE: CVE-2010-2309

BID: 40489

OSVDB: 65043

EDB-ID: 13735