HTTP: Axis Media Control Unsafe ActiveX Control

This signature detects attempts to use unsafe ActiveX controls in Axis Media Control. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1) StartRecord, (2) SaveCurrentImage, or (3) StartRecordMedia methods.

Affected Products

Axis media_control_activex_control

References

BugTraq: 41078

CVE: CVE-2013-3543

Short Name
HTTP:STC:ACTIVEX:AXIS-MEDIA-BO
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX Axis CVE-2013-3543 Control Media Unsafe bid:41078
Release Date
06/18/2013
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Axis

CVSS Score

8.8

Found a potential security threat?