1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Move MPlayer Quantum AX BO

HTTP Move MPlayer Quantum AX BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempt to exploit a buffer overflow vulnerability by passing long arguments into a method of Move Networks Quantum Streaming Player activex control.

Additional Information

Move Media Player Quantum Streaming 'qsp2ie07074039.dll' ActiveX control is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into insufficiently sized memory buffers.

Exploiting this issue may allow remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control (typically Internet Explorer) and to compromise affected computers. Failed attempts will likely result in denial-of-service conditions.

Affected

  • This issue affects Quantum Streaming 'qsp2ie07074039.dll' ActiveX control 7.7.4.39; other versions may also be vulnerable.

Response

Download and install all vendor patches related to this vulnerability.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube