CVE-2014-9263 Information

Feb 14, 2021 cve

Description

Multiple buffer overflows in the PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 control in 3S Pocketnet Tech VMS allow remote attackers to execute arbitrary code via a crafted string to the (1) StartRecord (2) StartRecordEx (3) StartScheduledRecord (4) SetDisplayText (5) GetONVIFDeviceInformation (6) GetONVIFProfiles or (7) GetONVIFStreamUri method or a crafted filename to the (8) SaveCurrentImage or (9) SaveCurrentImageEx method.

Reference

http://www.securityfocus.com/bid/71488 http://www.zerodayinitiative.com/advisories/ZDI-14-393/ http://www.zerodayinitiative.com/advisories/ZDI-14-394/ http://www.zerodayinitiative.com/advisories/ZDI-14-395/ http://www.zerodayinitiative.com/advisories/ZDI-14-396/ http://www.zerodayinitiative.com/advisories/ZDI-14-397/

Share on: