Xunlei Web Thunder ActiveX Control DownURL2 Method Remote Buffer Overflow Vulnerability
BID:25751
Info
| Bugtraq ID: | 25751 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-5064 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 20 2007 12:00AM |
| Updated: | May 20 2008 04:04PM |
| Credit: | 7jdg is credited with the discovery of this vulnerability. |
| Vulnerable: | Xunlei Web Thunder 5.6.9.344 |
| Not Vulnerable: | |
Discussion
Xunlei Web Thunder is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
An attacker may exploit this issue by enticing victims into visiting a maliciously crafted webpage.
Successfully exploiting this issue will allow the attacker to execute arbitrary code within the context of the application using the ActiveX control (typically Microsoft Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.
This issue affects Xunlei Web Thunder 5.6.8.344; other versions may also be affected.
Exploit / POC
Reports indicate this issue is being exploited in the wild.
Attackers may exploit this issue by enticing victims into opening a maliciously crafted webpage.
The following exploit code is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Chinese Weekend Compromise (Trend Micro)
- JS_IFRAME.AD (Trend Micro)
- Microsoft Knowledge Base Article 240797 (Microsoft)
- Xunlei Homepage (Xunlei)
- Thunder 5.6.9.344 ActiveX 0day Remote Code Execution (7jdg)