1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Geovision LiveX ActiveX File Overwrite

HTTP Geovision LiveX ActiveX File Overwrite

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a file overwrite vulnerability in GeoVision LiveX ActiveX Control.

Additional Information

GeoVision LiveX is an ActiveX control for displaying information in graphs on a web page.

The application is prone to a vulnerability that allows attackers to overwrite files with arbitrary, attacker-supplied content. Specifically, the 'SnapShotToFile()' method will overwrite files in an insecure manner. The control is identified by the following CLSIDs:

DA8484DE-52DB-4860-A986-61A8682E298A
F4421170-DB22-4551-BBFB-FFCFFB419F6F
8D58D690-6B71-4EE8-85AD-006DB0287BF1

An attacker can exploit this issue to corrupt and overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

Affected

  • GeoVision LiveX ActiveX control versions 7000, 8120 and 8200 are vulnerable; other versions may also be affected.

Response

Download and install all vendor patches related to this vulnerability.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube