Intrusion Prevention

ACTi.Network.Video.Controller.ActiveX.Controls.Code.Execution

Description

This indicates an attack attempt against a remote Code Execution vulnerability in ACTi Network Video Controller.
The vulnerability is caused by errors in the "nvutility.utility.1" (nvutility.dll) ActiveX control, which does not restrict access to the "savexmlfile()" and "deletexmlfile()" methods. This allows remote attackers to execute arbitrary code, and to overwrite and delete arbitrary files, in the context of applications using the affected ActiveX control.

Affected Products

ACTi Network Video Controller 2.0 SP2

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Currently we are not aware of any vendor supplied patches for this issue.

CVE References

CVE-2007-4583