PPStream PowerPlayer.DLL ActiveX Control Buffer Overflow Vulnerability
BID:25502
Info
PPStream PowerPlayer.DLL ActiveX Control Buffer Overflow Vulnerability
| Bugtraq ID: | 25502 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-4748 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 31 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | dummy <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: |
PPStream PowerPlayer ActiveX Control 2.0.1 .3829 |
| Not Vulnerable: | |
Discussion
PPStream PowerPlayer.DLL ActiveX Control Buffer Overflow Vulnerability
PPStream PowerPlayer ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
PPStream PowerPlayer ActiveX control 2.0.1.3829 is vulnerable to this issue; other versions may also be affected.
PPStream PowerPlayer ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.
PPStream PowerPlayer ActiveX control 2.0.1.3829 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
PPStream PowerPlayer.DLL ActiveX Control Buffer Overflow Vulnerability
NOTE: Further investigation reveals that this issue is being actively exploited in the wild.
To exploit this issue, an attacker must entice an unsuspecting user to access a malicious webpage.
The following exploit is available:
NOTE: Further investigation reveals that this issue is being actively exploited in the wild.
To exploit this issue, an attacker must entice an unsuspecting user to access a malicious webpage.
The following exploit is available:
Solution / Fix
PPStream PowerPlayer.DLL ActiveX Control Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
PPStream PowerPlayer.DLL ActiveX Control Buffer Overflow Vulnerability
References:
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)
- PPStream Home Page (PPStream)