The host is installed with WellinTech KingView 6.52 or 6.53 and is prone to a stack-based buffer overflow vulnerability. A flaw is present in the ActiveX control in KVWebSvr.dll, which fails to sanitize user supplied input to ValidateUser method. Successful exploitation could allow an attacker to overflow the buffer.