HTTP DiVX Zenith Player ActiveX BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature attempts to detect exploitation of a buffer overflow vulnerability in the DiVX Zenith Player AviFixer ActiveX control.

Additional Information

Global DiVX Zenith Player (GDiVX Player) is a multimedia player used to play DiVX files.

Global DiVX Zenith Player AviFixer (fix.dll) ActiveX control is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Specifically, the control with a CLSID of '2225E9BC-AFB3-4ED4-B20E-4F6CF1C39F8B' fails to properly sanitize user-supplied input to the 'SetInputFile()' method. By passing an inordinately long string of approximately 264 bytes as input to the affected method, an attacker can trigger a stack-based buffer overflow.

Attackers may exploit this issue by enticing victims into opening a malicious webpage or HTML email that invokes the affected control. A successful attack would corrupt process memory, allowing arbitrary code to run in the context of the client application using the affected ActiveX control.
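The following content check is an added example, not Symantec's signature logic: it flags HTTP response bodies that reference the CLSID above and pass an oversized string literal to 'SetInputFile()'. The 256-character threshold, the three verdict names, and the sample bodies are assumptions made for illustration, and only calls written with parentheses are recognized.

```python
import re

# CLSID and method name are taken from the advisory text above.
CLSID = "2225E9BC-AFB3-4ED4-B20E-4F6CF1C39F8B"
METHOD = "SetInputFile"
# Assumption: a margin below the "approximately 264 bytes" cited in the advisory.
LENGTH_THRESHOLD = 256

CLSID_RE = re.compile(re.escape(CLSID), re.IGNORECASE)
# Groups: double-quoted literal, single-quoted literal, closing parenthesis.
# Case-insensitive because VBScript and COM dispatch ignore case in names.
CALL_RE = re.compile(
    re.escape(METHOD) + r"""\s*\(\s*(?:"([^"]*)"|'([^']*)')?\s*(\))?""",
    re.IGNORECASE,
)


def classify(content: str) -> str:
    """Return 'clean', 'review' or 'alert' for one HTTP response body."""
    if not CLSID_RE.search(content):
        return "clean"  # the AviFixer control is never referenced
    verdict = "clean"
    for call in CALL_RE.finditer(content):
        double_quoted, single_quoted, close = call.groups()
        literal = double_quoted if double_quoted is not None else single_quoted
        if literal is None or close is None:
            # Variable or expression: its length cannot be measured statically.
            verdict = "review"
        elif len(literal) >= LENGTH_THRESHOLD:
            return "alert"  # oversized literal passed to the affected method
    return verdict


# Constructed samples (not captured traffic); the long argument is inert filler.
_OBJ = '<object classid="clsid:%s" id="fx"></object>' % CLSID
SAMPLES = {
    "short literal": _OBJ + '<script>fx.SetInputFile("movie.avi")</script>',
    "long literal": _OBJ + '<script>fx.SetInputFile("%s")</script>' % ("A" * 300),
    "runtime value": _OBJ + "<script>fx.SetInputFile(name)</script>",
    "unrelated page": "<script>player.SetInputFile(name)</script>",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, "->", classify(body))
```

Arguments assembled at run time land in 'review' rather than 'clean', since a static scan of the body cannot bound their length.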

All versions of Global DiVX Zenith Player with 'fix.dll' version 1.0.0.1 are considered vulnerable to this issue.

Affected

  • Global DiVX Zenith Player with 'fix.dll' version 1.0.0.1

Response

Ensure that the latest version of the Global DiVX Zenith Player is installed and all available vendor patches have been applied.
