### Vulnerability Key Information - **Title**: Panasonic Network Camera View GetImageDataPrint Untrusted Pointer Dereference Remote Code Execution Vulnerability - **ID**: - ZDI-14-364 - ZDI-CAN-2357 - **CVE ID**: CVE-2014-8755 - **CVSS Score**: 7.5 - AV:N/AC:L/Au:N/C:P/I:P/A:P - **Affected Vendor**: Panasonic - **Affected Product**: Network Camera View - **Trend Micro Customer Protection**: - Trend Micro TippingPoint IPS customers are protected by Digital Vaccine filter ID ['16282']. - More product information: http://www.tippingpoint.com - **Vulnerability Details**: - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Network Camera View. - The attack requires user interaction, such as visiting a malicious webpage or opening a malicious file. - The vulnerability specifically resides in the GetImageDataPrint method of the WebVideoCam ActiveX control, which attackers can exploit to execute code. - **Additional Details**: - Panasonic has released an update to fix this vulnerability. More information: http://security.panasonic.com/pss/security/library/howto_update_NCV.html - **Disclosure Timeline**: - 2014-06-09: Vulnerability reported to vendor - 2014-10-14: Coordinated public disclosure recommended - **Vulnerability Discoverer**: Ariele Caltabiano (kimiya)