TRENDnet SecurView UltraMJCam ActiveX Control OpenFileDlg Method WideCharToMultiByte() Call Remote Overflow
Severity: High
Nessus Plugin ID: 58597
Synopsis
The remote Windows host has an ActiveX control that is affected by a buffer overflow vulnerability.
Description
The remote host has the TRENDnet SecurView UltraMJCam ActiveX control installed. A stack-based buffer overflow can be triggered by providing an overlong argument to the 'OpenFileDlg()' method, because the method does not verify the size of the argument before calling 'WideCharToMultiByte()'.
By tricking a user into opening a specially crafted web page, a remote, unauthenticated attacker could execute arbitrary code on the remote host subject to the user's privileges.
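The missing size check described above, shown as an added example (not the vendor's code and not part of the original advisory): the required output length is queried first and the argument is rejected if it cannot fit the destination buffer. Assumptions: `wcstombs()` stands in for `WideCharToMultiByte()` so the code builds anywhere, and the 260-byte buffer and both function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

#define PATH_BUF 260 /* assumed size of the fixed stack buffer */

/* Convert src into dst only if the result, plus its terminator, fits.
 * wcstombs() is a portable stand-in for WideCharToMultiByte(); on Windows the
 * same length query is made by passing cbMultiByte = 0.
 * Returns 0 on success, -1 on bad input or when the output would not fit. */
int convert_checked(const wchar_t *src, char *dst, size_t dst_size)
{
    if (src == NULL || dst == NULL || dst_size == 0)
        return -1;
    /* Length query: a NULL destination writes nothing (POSIX behaviour). */
    size_t need = wcstombs(NULL, src, 0);
    if (need == (size_t)-1 || need >= dst_size)
        return -1;                 /* unconvertible, or no room for the NUL */
    size_t written = wcstombs(dst, src, dst_size);
    if (written == (size_t)-1 || written >= dst_size)
        return -1;
    dst[written] = '\0';
    return 0;
}

/* Hypothetical method body: returns the converted length, or -1 when the
 * argument is rejected instead of being copied past the end of path[]. */
int open_file_dlg_checked(const wchar_t *arg)
{
    char path[PATH_BUF];
    if (convert_checked(arg, path, sizeof path) != 0)
        return -1;
    return (int)strlen(path);
}

int main(void)
{
    wchar_t big[1024]; /* constructed overlong argument */
    wmemset(big, L'A', 1023);
    big[1023] = L'\0';
    printf("short: %d\n", open_file_dlg_checked(L"C:\\cam\\snap.jpg"));
    printf("overlong: %d\n", open_file_dlg_checked(big));
    return 0;
}
```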
Solution
Remove or disable the control, as fixes are not available.