Vulnerability Description
Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Axis | 2100 Network Camera | <= 2.39 |
| Axis | 2110 Network Camera | <= 2.39 |
| Axis | 2120 Network Camera | <= 2.39 |
| Axis | 2130 Ptz Network Camera | <= 2.39 |
| Axis | 2400 Video Server | <= 2.39 |
| Axis | 2401 Video Server | <= 2.39 |
| Axis | 2411 Video Server | <= 2.39 |
| Axis | 2420-Ir Network Camera | <= 2.39 |
| Axis | 2420 Network Camera | <= 2.39 |
| Axis | Panorama Ptz Camera | <= 2.39 |
References
- http://osvdb.org/35602
- http://secunia.com/advisories/25093PatchVendor Advisory
- http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdfVendor Advisory
- http://www.kb.cert.org/vuls/id/355809US Government Resource
- http://www.securityfocus.com/bid/23816
- http://www.vupen.com/english/advisories/2007/1663
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34133
- http://osvdb.org/35602
- http://secunia.com/advisories/25093PatchVendor Advisory
- http://www.axis.com/techsup/software/acc/files/acc_security_update_1_00.pdfVendor Advisory
- http://www.kb.cert.org/vuls/id/355809US Government Resource
- http://www.securityfocus.com/bid/23816
- http://www.vupen.com/english/advisories/2007/1663
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34133
FAQ
What is CVE-2007-2239?
CVE-2007-2239 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 240...
How severe is CVE-2007-2239?
CVE-2007-2239 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2239?
Check the references section above for vendor advisories and patch information. Affected products include: Axis 2100 Network Camera, Axis 2110 Network Camera, Axis 2120 Network Camera, Axis 2130 Ptz Network Camera, Axis 2400 Video Server.