1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Dell Webcam Center ActiveX BO

Web Attack: Dell Webcam Center ActiveX BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit an ActiveX control buffer overflow vulnerability in Dell Webcam Center.

Additional Information

Dell Webcam Center is an application for the Dell laptop integrated webcam.

The application is prone to multiple stack-based buffer-overflow vulnerabilities that affect the 'BackImage', 'ScriptName', 'ModelName', and 'SRC' properties. Specifically, these issues are triggered by calling the 'sprintf()' function when the 'crazytalk4.ocx' ActiveX control loads the 'CrazyTalk4Native.dll' library.

Attackers may exploit these issues to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

Affected

  • Reallusion CrazyTalk 4
  • Dell Webcam Center

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube