Cisco Linksys PlayerPT ActiveX Control SetSource() Multiple Overflows

High Nessus Plugin ID 60107


The remote Windows host has an ActiveX control that is affected by multiple buffer overflow vulnerabilities.


The Cisco Linksys PlayerPT ActiveX Control is installed on the remote Windows host. The installed version of the control is affected by the following buffer overflow vulnerabilities in the SetSource() method :

- The 'base64string' argument is not properly sanitized.
(EBD-ID #18641)

- The 'sURL' argument is not properly sanitized if the 'sFrameType' argument is set to 'mpeg'.

By tricking a victim into visiting a specially crafted page, an attacker may be able to execute arbitrary code on the host.


Set the kill bit for the control as there is no fix at the time of this writing.

See Also

Plugin Details

Severity: High

ID: 60107

File Name: cisco_linksys_playerpt_activex_bof.nasl

Version: $Revision: 1.12 $

Type: local

Agent: windows

Family: Windows

Published: 2012/07/24

Modified: 2017/05/10

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:linksys_playerpt_activex_control

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2012/03/22

Exploitable With

Core Impact

Metasploit (Cisco Linksys PlayerPT ActiveX Control SetSource sURL Argument Buffer Overflow)

ExploitHub (EH-12-998)

Reference Information

CVE: CVE-2012-0284

BID: 54588

OSVDB: 80297, 84309

EDB-ID: 18641

Secunia: 48543