CVE-2013-3543
published 2013-10-04


Priority: P355, high, 8.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:C/A:C
EXPLOIT
EPSS: 4.13% (89.6th percentile)
The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1) StartRecord, (2) SaveCurrentImage, or (3) StartRecordMedia methods.

Affected

1 range

Vendor | Product | Version range | Fixed in
axis | media_control_activex_control | |

Detection & IOCs (extracted from sources)

filename: AxisMediaControlEmb.dll
version: AxisMediaControlEmb.dll 6.2.10.11
command: MyActiveX.StartRecord(theFile)
command: MyActiveX.SaveCurrentImage(theFormat, theFile)
command: MyActiveX.StartRecordMedia(theFile, theFlags, theMediaTypes)
  • Detect instantiation of the AXIS Media Control ActiveX control (AxisMediaControlEmb.dll) in a browser context, particularly when followed by calls to StartRecord, SaveCurrentImage, or StartRecordMedia methods with file path arguments.
  • Monitor for unexpected file creation or overwrite events in the context of the current user's session originating from a browser process (e.g., iexplore.exe) loading AxisMediaControlEmb.dll.
  • Alert on regedit.exe or other system executables being written/overwritten by a browser child process or ActiveX host process, as demonstrated in the PoC.
  • All AXIS camera devices using AMC version 6.2.10.11 (released October 19, 2012) are affected; this was the latest version at time of disclosure.
  • Exploitation requires the victim to be using Microsoft Internet Explorer, as AMC is the recommended viewing method specifically for IE.
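
The correlation described in the detection notes above, as an added example (not code from this page or from AXIS): it flags file writes made by a process after that process has loaded AxisMediaControlEmb.dll, and raises severity when the target is an executable or sits under the Windows directory. The event field names, the executable-extension list and the sample events are assumptions constructed for illustration, not a real log schema.

```python
import ntpath

AMC_DLL = "axismediacontrolemb.dll"   # filename from the advisory, lower-cased
# Assumed list of extensions treated as executable content.
EXEC_EXT = {".exe", ".dll", ".sys", ".bat", ".cmd", ".hta", ".vbs"}

IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
# Constructed sample events, in time order (simplified, hypothetical fields).
SAMPLE_EVENTS = [
    {"kind": "image_load", "pid": 4120, "process": IE,
     "path": r"C:\Windows\Downloaded Program Files\AxisMediaControlEmb.dll"},
    {"kind": "file_create", "pid": 4120, "process": IE,
     "path": r"C:\Users\alice\Videos\cam1.asf"},
    {"kind": "file_create", "pid": 4120, "process": IE,
     "path": r"C:\Windows\regedit.exe"},
    {"kind": "file_create", "pid": 5300, "process": IE,   # no AMC loaded
     "path": r"C:\Users\alice\Downloads\report.pdf"},
    {"kind": "process_exit", "pid": 4120, "process": IE, "path": ""},
    {"kind": "file_create", "pid": 4120, "process": r"C:\Tools\other.exe",
     "path": r"C:\Temp\setup.exe"},                        # reused PID
]

def classify(target):
    """'high' for executable targets or writes under \\Windows\\, else 'review'."""
    low = target.lower()
    ext = ntpath.splitext(low)[1]
    if ext in EXEC_EXT or "\\windows\\" in low:
        return "high"
    return "review"

def detect(events):
    """Return (severity, pid, path) for file writes by processes hosting AMC."""
    amc_pids = set()
    alerts = []
    for ev in events:
        kind, pid = ev["kind"], ev["pid"]
        if kind == "image_load":
            if ntpath.basename(ev["path"]).lower() == AMC_DLL:
                amc_pids.add(pid)
        elif kind == "process_exit":
            amc_pids.discard(pid)   # avoid false hits when the PID is reused
        elif kind == "file_create" and pid in amc_pids:
            alerts.append((classify(ev["path"]), pid, ev["path"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Legitimate recordings saved through AMC also surface as "review" alerts, so triage should compare the target path with where the user normally stores camera captures.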