TVUPlayer 'PlayerOcx.ocx' Active X Control Arbitrary File Overwrite Vulnerability.
BID:39956
Info
| Bugtraq ID: | 39956 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 03 2010 12:00AM |
| Updated: | Feb 03 2010 12:00AM |
| Credit: | Evdokimov Dmitriy |
| Vulnerable: | TVU Networks TVUPlayer 2.4.4.9beta1 |
| Not Vulnerable: | |
Discussion
TVUPlayer ActiveX control is prone to a vulnerability that lets attackers overwrite arbitrary local files on the victim's computer in the context of the vulnerable application, typically Internet Explorer, using the ActiveX control.
TVUPlayer 2.4.9beta1 [build1797] is vulnerable; other versions may be affected.
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting victim into viewing a malicious webpage.
The following example is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- [DSECRG-09-065] TuvNetworks TVUPlayer ActiveX component - Insecure method (Evdokimov Dmitriy)
- Microsoft Knowledge Base Article 240797 (Microsoft)
- TVUPlayer - Homepage (TVU Networks)
- [DSECRG-09-065] TVUPlayer PlayerOcx.ocx ActiveX - Insecure method (Alexandr Polyakov)