Summary
This host has KingView installed and is prone to a buffer overflow vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
Impact Level: System/Application
Solution
Upgrade the KVWebSvr.dll file to version 65.30.2010.18019. For updates, refer to http://download.kingview.com/software/kingview%20Chinese%20Version/KVWebSvr.rar
*****
NOTE: Ignore this warning if the above-mentioned patch has already been applied.
*****
Insight
The flaw exists due to an error in the 'KVWebSvr.dll' file: when the 'ValidateUser' method of an ActiveX component is called with a specially crafted argument, it causes a stack-based buffer overflow.
Affected
KingView version 6.53 and 6.52
References
Severity
Classification
- CVE: CVE-2011-3142
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Anzio Web Print Object ActiveX Control Remote BOF Vulnerability
- Apple QuickTime Multiple Buffer Overflow Vulnerabilities (Windows)
- ACDSee FotoSlate PLP Multiple Buffer Overflow Vulnerabilities
- Attachmate Reflection FTP Client LIST Command Remote Heap Buffer Overflow Vulnerability
- Adobe Shockwave Player 3D Model Buffer Overflow Vulnerabilities