nessus
This script is Copyright (C) 2012-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
SCADA_KINGVIEW_6_53_2012-03-22.NBIN
History: Jun 05, 2012 - 12:00 a.m.

WellinTech KingView 6.53 < 2012-03-22 Multiple Vulnerabilities

2012-06-05 00:00:00
www.tenable.com

CVSS2: 10

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.11

Percentile: 95.2%

According to its version, the instance of WellinTech KingView installed on the remote Windows host is affected by multiple vulnerabilities:

  • A denial of service vulnerability in ‘NetGenius.exe’ when parsing invalid pointer packets resulting in a buffer overflow.

  • A directory traversal vulnerability in ‘Touchvew.exe’ due to not sanitizing user input.

  • An insecure DLL loading vulnerability. (CVE-2012-1819)

  • A stack-based buffer overflow vulnerability that may be exploited via a specially-crafted packet sent to port 555. (CVE-2012-1830)

  • A heap-based buffer overflow vulnerability that may be exploited via a specially-crafted packet sent to port 555. (CVE-2012-1831)

  • An out-of-bounds read error that may be exploited via a specially-crafted packet sent to port 2001. (CVE-2012-1832)

  • A directory traversal vulnerability that may be exploited via a specially-crafted HTTP GET request on port 8001. (CVE-2012-2560)

Binary data scada_kingview_6_53_2012-03-22.nbin
