DivX Web Player NPDIVX32.DLL ActiveX Control Remote Denial of Service Vulnerability

Bugtraq ID:	22133
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	No
Published:	Jan 19 2007 12:00AM
Updated:	Jan 25 2007 04:14PM
Credit:	shinnai <[email protected]> discovered this vulnerability.
Vulnerable:	DivX Inc. DivX Web Player 1.2
Not Vulnerable:

DivX Web Player NPDIVX32.DLL ActiveX Control Remote Denial of Service Vulnerability

DivX Web Player is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to trigger denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control.

The DivX Web Player version included with DivX Player 6.4.1 is vulnerable to this issue. Information on whether other versions are affected is not currently available.

DivX Web Player NPDIVX32.DLL ActiveX Control Remote Denial of Service Vulnerability

An example exploit has been provided:

• /data/vulnerabilities/exploits/22133.html

DivX Web Player NPDIVX32.DLL ActiveX Control Remote Denial of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

DivX Web Player NPDIVX32.DLL ActiveX Control Remote Denial of Service Vulnerability

References:

• DivX Web Player Product Page (DivX Inc.)
  
• Microsoft Knowledge Base Article 240797 (Microsoft)