Today the DHS ICS-CERT published an advisory
for a buffer overflow vulnerability in the Schneider Pelco DS-NVs software
package (video management software). The vulnerability was reported by Ariele
Caltabiano (kimiya) and Andrea Micalizzi (rgod) via the HP Zero Day Initiative.
Schneider has produced a patch which mitigates the vulnerability but there is
no indication that the researchers have been given the opportunity to verify
the efficacy of the fix.
ICS-CERT reports that a relatively unskilled attacker could
remotely exploit this vulnerability to execute arbitrary code.
Neither this advisory nor the Schneider
notification identifies the vulnerable DLL involved in this vulnerability so
it is not possible to tell if the vulnerability would be unique to this
application or if it might be found in multiple Schneider products.