| VID |
21431 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Webcam Watchdog has a 'sresult.exe' Cross-site Scripting Vulnerability.
Webcam Watchdog is a video recording and monitoring program for Microsoft Windows operating systems. Webcam Watchdog version 4.0.1a is vulnerable to cross-site scripting vulnerability, caused by a failure of the application to properly validate user-supplied input in the 'sresult.exe' script. A remote attacker could create a specially crafted URL link to the 'sresult.exe' script containing malicious script code in 'cam' variable, and then could persuade a target user to click it. Once the URL is clicked, the embedded codes would be executed in the victim's Web browser. A remote attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
* References:
http://www.osvdb.org/displayvuln.php?osvdb_id=8260
http://securitytracker.com/alerts/2004/Jul/1010824.html
* Platforms Affected:
Webcam Watchdog 4.0.1a
Microsoft Windows Any version |
| Recommendation |
No upgrade or patch available as of June 2014.
Upgrade to the new version of Webcam Watchdog, when new version fixed this problem becomes available from the Webcam Web Site at http://www.webcamsoft.com/en/watchdog.html |
| Related URL |
CVE-2004-2528 (CVE) |
| Related URL |
10837 (SecurityFocus) |
| Related URL |
16854 (ISS) |
|
