virus logo Intrusion Prevention

LifeSize.Room.Security.Bypass.Command.Execution

description-logoDescription

This indicates an attempt to exploit a Security Bypass vulnerability in LifeSize Communications.
This vulnerability is due to the lack of proper input validation for the command line arguments passed to the various URL protocol handlers. It is possible to trigger this exploit without user interaction, simply by visiting a webpage.

affected-products-logoAffected Products

LifeSize Communications LifeSize Room 4.7.18
LifeSize Communications LifeSize Room 3.5.3

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Currently we are not aware of any vendor supplied patches for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

2011-2763
ID 30236
Created Nov 30, 2011
Updated Mar 20, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID
Default Action drop
Active
Affected OS Windows
Affected App Other