CVE-2009-1092 - Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX control in LIVEAU~1.OCX 7.0 fo

CVE-2009-1092

Summary

Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX control in LIVEAU~1.OCX 7.0 for GeoVision DVR systems allows remote attackers to execute arbitrary code by calling the GetAudioPlayingTime method with certain arguments.

References

Vulnerable Configurations

cpe:2.3:a:geovision:liveaudio_activex_control:7.0:*:*:*:*:*:*:*
cpe:2.3:a:geovision:liveaudio_activex_control:7.0:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 10-10-2018 - 19:33)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	34115
bugtraq	20090313 GeoVision LiveAudio ActiveX Control GetAudioPlayingTime() remote freed-memory access exploit
exploit-db	8206
misc	http://retrogod.altervista.org/9sg_geovision_liveaudio_freedmem.html
xf	geovision-liveaudio-activex-dos(49238)

Last major update

10-10-2018 - 19:33

Published

25-03-2009 - 18:30

Last modified

10-10-2018 - 19:33