CVE-2013-3543
published 2013-10-04CVE-2013-3543: The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite…
PriorityP355high8.8CVSS 2.0
AVNACMAuNCNICAC
EXPLOIT
EPSS
4.13%
89.6th percentile
The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1) StartRecord, (2) SaveCurrentImage, or (3) StartRecordMedia methods.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| axis | media_control_activex_control | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect instantiation of the AXIS Media Control ActiveX control (AxisMediaControlEmb.dll) in a browser context, particularly when followed by calls to StartRecord, SaveCurrentImage, or StartRecordMedia methods with file path arguments. ↗
- →Monitor for unexpected file creation or overwrite events in the context of the current user's session originating from a browser process (e.g., iexplore.exe) loading AxisMediaControlEmb.dll. ↗
- →Alert on regedit.exe or other system executables being written/overwritten by a browser child process or ActiveX host process, as demonstrated in the PoC. ↗
- ·All AXIS camera devices using AMC version 6.2.10.11 (released October 19, 2012) are affected; this was the latest version at time of disclosure. ↗
- ·Exploitation requires the victim to be using Microsoft Internet Explorer, as AMC is the recommended viewing method specifically for IE. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2013-10-04
Published