Stack-based Buffer Overflow in Moxa SoftCMS ActiveX Control
CVE-2015-1000

Currently unrated

Key Information:

Vendor: Moxa
Status: Softcms
Vendor: CVE Published:; 5 June 2015

Summary

A stack-based buffer overflow exists in the OpenForIPCamTest method of the RTSPVIDEO.rtspvideoCtrl.1 ActiveX control in Moxa SoftCMS prior to version 1.3. This vulnerability allows remote attackers to execute arbitrary code by manipulating the StrRtspPath parameter. If successfully exploited, this could lead to unauthorized actions on the affected system, severely compromising security.

References

http://zerodayinitiative.com/advisories/ZDI-15-120/

x_refsource_MISC

https://ics-cert.us-cert.gov/advisories/ICSA-15-153-02

x_refsource_MISC

http://www.securityfocus.com/bid/74966

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jun 5, 2015
Vulnerability Reserved
Jan 10, 2015