Shenzhen Sricctv DeviceViewer for XP Login Form username memory corruption

A vulnerability classified as critical was found in Shenzhen Sricctv DeviceViewer for XP. Affected by this vulnerability is the functionality of the component Login Form. The manipulation of the argument username with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was released 05/09/2019 as EDB-ID 46779 as uncorroborated exploit (Exploit-DB). It is possible to read the advisory at exploit-db.com. This vulnerability is known as CVE-2019-11563 since 04/26/2019. Technical details and also a public exploit are known.

After immediately, there has been an exploit disclosed. It is declared as proof-of-concept. It is possible to download the exploit at exploit-db.com.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Vendor

Name

VulDB Meta Base Score: 5.5
VulDB Meta Temp Score: 5.3

VulDB Base Score: ≈5.5
VulDB Temp Score: ≈5.3
VulDB Vector: ?
VulDB Reliability: ?

VulDB Base Score: ?
VulDB Temp Score: ?
VulDB Reliability: ?
Class: Memory corruption (CWE-119)
Local: Yes
Remote: No

Availability: ?
Access: Public
Status: Proof-of-Concept
Download: ?

Price Prediction: ?
Current Price Estimation: ?

Exploit-DB: ?

Threat Intelligenceinfoedit

Threat: ?
Adversaries: ?
Geopolitics: ?
Economy: ?
Predictions: ?
Remediation: ?Recommended: no mitigation known
0-Day Time: ?
Exploit Delay Time: ?04/26/2019 CVE assigned
05/09/2019 +13 days Advisory disclosed
05/09/2019 +0 days Exploit disclosed
05/09/2019 +0 days EDB entry disclosed
05/10/2019 +1 days VulDB entry created
05/10/2019 +0 days VulDB last updateAdvisory: EDB-ID 46779
Status: Uncorroborated

CVE: CVE-2019-11563 (?)

Created: 05/10/2019 06:52 AM
Complete: ?

Comments are closed.