Korean

<< Back VID 22354 Severity 30 Port 80, ... Protocol TCP Class WWW Detailed Description The GeoVision Digital Video Surveillance System is vulnerable to an unauthorized JPEG image access vulnerability. GeoVision Digital Video Surveillance System is a PCI card that runs on Microsoft Windows with digital video range surveillance. GeoVision Digital Video Surveillance System versions 6.1, 6.04, 7.0 and possibly other versions could allow a remote unauthorized attacker to view JPEG images stored on a server, caused by an access validation error. This could be exploited to disclose images from e.g. security cameras without supplying a password. * References: http://www.esqo.com/research/advisories/2005/100505-1.txt http://secunia.com/advisories/15330/ http://archives.neohapsis.com/archives/bugtraq/2005-05/0106.html * Platforms Affected: Camera Security Now, GeoVision Digital Video Surveillance 6.04 Camera Security Now, GeoVision Digital Video Surveillance 6.1 Camera Security Now, GeoVision Digital Video Surveillance 7.0 Microsoft Windows Any version Recommendation No upgrade or patch available as of May 2005. As a workaround, follow the procedures as listed in Esqo Security Advisory 100505-1 at http://www.esqo.com/research/advisories/2005/100505-1.txt Related URL CVE-2005-1552 (CVE) Related URL 13571 (SecurityFocus) Related URL 20537 (ISS)