CVE-2007-3488

Sony Network Camera SNC-P5 < 1.29 - Remote Code Execution via PrmSetNetworkParam Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3488. PoCs published by str0ke.

AI-analyzed exploit summary This is a heap overflow PoC for Sony Network Camera SNC-P5 v1.0 ActiveX control. It exploits a vulnerability in the PrmSetNetworkParam method by passing an overly long string, potentially leading to arbitrary code execution.

Description

Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by str0ke · htmldoswindows

https://www.exploit-db.com/exploits/4120

View Code ZIP pw:eip

This is a heap overflow PoC for Sony Network Camera SNC-P5 v1.0 ActiveX control. It exploits a vulnerability in the PrmSetNetworkParam method by passing an overly long string, potentially leading to arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Sony Network Camera SNC-P5 v1.0

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX control must be installed and enabled

MITRE ATT&CK