JVNDB-2009-000012

Buffer overflow vulnerability in ActiveX Control for Sony SNC series network cameras

The ActiveX Control for Sony SNC series network cameras contains a heap-based buffer overflow vulnerability.

The ActiveX Control for Sony SNC series network cameras is a software to monitor images over the network using a web browser. This ActiveX Control contains a heap-based buffer overflow vulnerability triggered by the improper processing of some configuration variables.

Sony Corporation

• SNC-CS10 prior to 1.06
• SNC-CS11 prior to 1.06
• SNC-CS50N prior to 2.22
• SNC-CS50P prior to 2.22
• SNC-DF40N prior to 1.18
• SNC-DF40P prior to 1.18
• SNC-DF50N prior to 1.12
• SNC-DF50P prior to 1.12
• SNC-DF70N prior to 1.18
• SNC-DF70P prior to 1.18
• SNC-DF80N prior to 1.12
• SNC-DF80P prior to 1.12
• SNC-DF85N prior to 1.12
• SNC-DF85P prior to 1.12
• SNC-P1 prior to 1.29
• SNC-P5 prior to 1.29
• SNC-RX530N (b) 3.00 or prior to 2.31
• SNC-RX530N (w) 3.00 or prior to 2.31
• SNC-RX530P 3.00 or prior to 2.31
• SNC-RX550N (b) 3.00 or prior to 2.31
• SNC-RX550N (w) 3.00 or prior to 2.31
• SNC-RX550P 3.00 or prior to 2.31
• SNC-RX570N (b) 3.00 or prior to 2.31
• SNC-RX570N (w) 3.00 or prior to 2.31
• SNC-RX570P 3.00 or prior to 2.31
• SNC-RZ25N prior to 1.30
• SNC-RZ25P prior to 1.30
• SNC-RZ50N prior to 2.22
• SNC-RZ50P prior to 2.22

A remote attacker could execute arbitrary code.

[Update the Software]
Update to the latest version according to the information provided by the vendor.

Sony Corporation

• Sony : List of Affected Sony Network Cameras

1. Buffer Errors(CWE-119) [IPA Evaluation]

1. CVE-2007-3488

1. JVN : JVN#16767117
2. National Vulnerability Database (NVD) : CVE-2007-3488
3. IPA SECURITY ALERTS : Security Alert for Vulnerability in Sony SNC Series Network Camera
4. SecurityFocus : 24684
5. ISS X-Force Database : 35133
6. OPEN SOURCE VULNERABILITY DATABASE (OSVDB) : 39479
7. JVN iPedia (Japanese) : JVNDB-2009-000012

• [2009/03/09]
    Web page published