CVE-2013-3543

AXIS Media Control ActiveX Control - Arbitrary File Write via StartRecord, SaveCurrentImage, or StartRecordMedia Methods

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3543. PoCs published by Javier Repiso Sánchez.

AI-analyzed exploit summary This exploit demonstrates an ActiveX vulnerability in AXIS Media Control (CVE-2013-3543) where unsafe methods like StartRecord(), SaveCurrentImage(), and StartRecordMedia() can be abused to overwrite or create arbitrary files in the context of the current user.

Description

The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1) StartRecord, (2) SaveCurrentImage, or (3) StartRecordMedia methods.

Exploits (1)

exploitdb WORKING POC

by Javier Repiso Sánchez · textdoswindows

https://www.exploit-db.com/exploits/26173

View Code ZIP pw:eip

This exploit demonstrates an ActiveX vulnerability in AXIS Media Control (CVE-2013-3543) where unsafe methods like StartRecord(), SaveCurrentImage(), and StartRecordMedia() can be abused to overwrite or create arbitrary files in the context of the current user.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: AXIS Media Control (AxisMediaControlEmb.dll) version 6.2.10.11 and earlier

No auth needed

Prerequisites: Victim must visit a malicious webpage using Internet Explorer with the vulnerable ActiveX control installed

MITRE ATT&CK

T1218.002 - Control Panel

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2013/Jun/84

Scores

EPSS 0.0413

EPSS Percentile 89.5%

Details

CWE

CWE-264

Status published

Products (1)

axis/media_control_activex_control 6.2.10.11

Published Oct 04, 2013

Tracked Since Feb 18, 2026