CVE-2015-4647

medium

Published 2015-07-06 · Modified 2026-05-06

CVSS v3

—

CVSS v2

6.8

VIR risk

6.8

Description

Multiple stack-based buffer overflows in Ipropsapi in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allow remote attackers to execute arbitrary code via a long string in the (1) FilePassword property or to the (2) GetStringInfo method.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://security.panasonic.com/pss/security/library/developer.html#SDK

Application impact

Vendor	Product	Versions	Fixed
panasonic	security_api_activex_sdk	`{"endIncluding":"8.10.14"}`

References

http://security.panasonic.com/pss/security/library/developer.html#SDK
http://www.securityfocus.com/bid/75409
http://www.zerodayinitiative.com/advisories/ZDI-15-259/
http://www.zerodayinitiative.com/advisories/ZDI-15-260/
http://security.panasonic.com/pss/security/library/developer.html#SDK
http://www.securityfocus.com/bid/75409
http://www.zerodayinitiative.com/advisories/ZDI-15-259/
http://www.zerodayinitiative.com/advisories/ZDI-15-260/

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.