Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-2239

4 documents4 sources
Severity
9.3CRITICAL
EPSS
27.4%
top 3.59%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
10
Axis 2100 Network CameraAxis 2110 Network CameraAxis 2120 Network Camera+7 more
Timeline
PublishedMay 7
Latest updateMay 1

Description

Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages10 packages

Patches

Patch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-fgjf-p6xg-w4q9: Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 22022-05-01
CVEList
CVE-2007-2239: Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 22007-05-07

💥Exploits & PoCs

1
Exploit-DB
AXIS Camera Control (AxisCamControl.ocx 1.0.2.15) - Remote Buffer Overflow2007-07-03
CVE-2007-2239 (CRITICAL CVSS 9.3) | Stack-based buffer overflow in the | cvebase.io