Xunlei Web Thunder ThunderServer.webThunder.1 ActiveX AddCategory File Download Vulnerability
BID:25192
Info
| Bugtraq ID: | 25192 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 03 2007 12:00AM |
| Updated: | Aug 03 2007 11:05PM |
| Credit: | This issue was discovered by the Symantec DeepSight research team. |
| Vulnerable: | Xunlei Web Thunder (ThunderServer.webThunder.1) 1.8.4.130 |
| Not Vulnerable: | |
Discussion
The Xunlei Web Thunder ThunderServer.WebThunder.1 ActiveX control is prone to an arbitrary-file-download vulnerability.
An attacker may exploit this issue by enticing victims into visiting a maliciously crafted webpage.
Successful exploits will allow remote attackers to download files from arbitrary locations to the affected computer.
Symantec DeepSight has identified this issue as being actively exploited in the wild.
This issue is related to the vulnerability discussed in BID 24552 (Xunlei Web Thunder ThunderServer.webThunder.1 ActiveX Control Arbitrary File Download Vulnerability).
Exploit / POC
Attackers may exploit this issue by enticing victims into opening a maliciously crafted webpage.
The Symantec DeepSight team has identified this issue as being actively exploited in the wild.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)
- Xunlei Homepage (Xunlei)