Two vulnerabilities have been discovered in SmartVMD ActiveX Control, which can be exploited by malicious people to overwrite and delete arbitrary files.

The vulnerabilities are caused due to the VideoMovementDetection.MotionDetection (VideoMovementDetection.dll) ActiveX control providing the insecure "StartVideoSaving()" and "SaveMaskToFile()" methods. This can be exploited to delete or overwrite arbitrary files on the local system via arguments passed to the affected methods.

These vulnerabilities are confirmed in version 1.1 trial (VideoMovementDetection.dll version 1.0.0.1). Other versions may also be affected.

Set the kill-bit for the affected ActiveX control.