← Advisories

COMMAX WebViewer ActiveX Control 2.1.4.5 (Commax_WebViewer.ocx) Buffer Overflow

High

Advisory ID

ZSL-2021-5663

Release Date

15 August 2021

Vendor

COMMAX Co., Ltd. - https://www.commax.com

Affected Version

2.1.4.5

CVE

N/A

Tested On

Microsoft Windows 10 Home (64bit) EN, Microsoft Internet Explorer 20H2

Summary

COMMAX activex web viewer client (32bit) for COMMAX DVR/NVR.

Description

The vulnerability is caused due to a boundary error in the processing of user input, which can be exploited to cause a buffer overflow when a user inserts overly long array of string bytes through several functions. Successful exploitation could allow execution of arbitrary code on the affected node.

 (5220.5b30): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for CNC_Ctrl.DLL -
CNC_Ctrl!DllUnregisterServer+0xf5501:
0b4d43bf f3aa            rep stos byte ptr es:[edi]
0:038:x86> r
eax=00000000 ebx=00002000 ecx=0000000f edx=00000000 esi=41414141 edi=41414141
eip=0b4d43bf esp=0d78f920 ebp=0d78f930 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
CNC_Ctrl!DllUnregisterServer+0xf5501:
0b4d43bf f3aa            rep stos byte ptr es:[edi]

Proof of Concept

commax_bof.txtTXT

Disclosure Timeline

02.08.2021Vulnerability discovered.

03.08.2021Vendor contacted.

04.08.2021Vendor contacted.

05.08.2021No response from the vendor.

06.08.2021Vendor contacted.

14.08.2021No response from the vendor.

15.08.2021Public security advisory released.

Credits

Vulnerability discovered by Gjoko Krstic