ACTi.Network.Video.Controller.ActiveX.Controls.Code.Execution
Description
This indicates an attack attempt against a remote Code Execution vulnerability in ACTi Network Video Controller.
The vulnerability is caused by errors in the "nvutility.utility.1" (nvutility.dll) ActiveX control, which does not restrict access to the "savexmlfile()" and "deletexmlfile()" methods. This allows remote attackers to execute arbitrary code, and to overwrite and delete arbitrary files, in the context of applications using the affected ActiveX control.
Affected Products
ACTi Network Video Controller 2.0 SP2
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Currently we are not aware of any vendor supplied patches for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |