CVE-2011-2591

Provideo ActiveX Controls - Remote Code Execution via Crafted Input Fields

Title source: llm
STIX 2.1

Description

Multiple buffer overflows in the Provideo ActiveX controls allow remote attackers to execute arbitrary code via crafted input fields, as demonstrated by (1) a long strIp argument to the voice method in 2way.dll in the alarm 1.0.3.1 ActiveX control, (2) a network response to AXPlayer.ocx in the GMAXPlayer 2.0.8.2 ActiveX control, the (3) UserName or (4) Password parameter to AXPlayer.ocx in the GMAXPlayer 2.0.8.2 ActiveX control, (5) a long Id parameter to the GetString method in PAxPlayer.ocx in the PAxPlayer 3.0.0.9 ActiveX control, or (6) a long strAdr parameter to the ConnectIPCam method in PAxPlayer.ocx in the PAxPlayer 3.0.0.9 ActiveX control.

References (9)

Core 9
Core References
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2011-56/
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/74314
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2011-57/
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/74313
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/48977
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/74311
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2011-58/
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/74310
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/74312

Scores

EPSS 0.0539
EPSS Percentile 91.7%

Details

CWE
CWE-119
Status published
Products (3)
provideo/alarm_activex_control 3.0.0.9
provideo/gmax_activex_control 2.0.8.2
provideo/paxplayer_activex_control 3.0.0.9
Published Aug 05, 2011
Tracked Since Feb 18, 2026