Vulnerability category: Local
Vulnerability severity:
Vulnerability information
Moxa SoftCMS is a central management software that manages large scale surveillance systems.
Moxa SoftCMS contains the following vulnerabilities:
CVE-2015-6457: The vulnerability exists within the setStreamRecordData, setRecordPrefix, AudioRecord, Open and Open2 methods implemented in the affected software. The implementation copies the user-supplied string to a field in a heap-based buffer without validating its size, which can lead to a heap buffer overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
CVE-2015-6458: The vulnerability exists within the AudioRecord method in the RTSPVIDEO ActiveX control. The implementation copies the user-supplied string for the ip parameter to a fixed-size stack buffer without validating its size, which can lead to a stack buffer overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Affected Versions:
Moxa SoftCMS version 1.3 and prior
Vulnerability impact
Successful exploitation allows remote attackers to execute arbitrary code or cause a denial of service condition on a targeted system.
Solution
Customers are advised to install Moxa SoftCMS 1.4 or later versions to remediate these vulnerabilities.
Patch:
Following are links for downloading patches to fix the vulnerabilities: