1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Audio CD Ripper ActiveX DoS

HTTP Audio CD Ripper ActiveX DoS

Severity: Medium

This attack could pose a moderate security threat. It does not require immediate action.

Description

This signature detects attempts to exploit a denial of service vulnerability by passing specially crafted arguments into a method of Audio CD Ripper ActiveX control.

Additional Information

Audio CD Ripper is an ActiveX control that allows users to rip CDA tracks from CDs into various audio formats.

The applicaition is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions. Specifically, a NULL-pointer dereference error occurs in the 'init()' function residing in the 'AudtionCDRipperOCX.ocx' ActiveX control, resulting in a denial-of-service condition.

An attacker may exploit this issue by enticing victims into opening a malicious webpage or HTML email that invokes the affected control.

Successfully exploiting this issue will cause the affected application to crash, denying service to legitimate users.

Affected

  • This issue affects Audio CD Ripper 1.0; other versions may also be affected.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube