1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: HTTP MS MPEG2TuneRequestControl ActiveX BO CVE-2008-0015

Web Attack: HTTP MS MPEG2TuneRequestControl ActiveX BO CVE-2008-0015

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to instantiate BDATuner.MPEG2TuneRequest ActiveX object. Creation of this object may result in remote code execution which could compromise the target host.

Additional Information

Microsoft TV Technologies is a component that provides support for digital TV applications. It is available for Windows XP.

TV Technologies is prone to a remote code-execution vulnerability that affects the 'BDATuner.MPEG2TuneRequest.1' object and can be triggered when the object is instantiated with malformed input through the 'data' parameter. The object is associated with the following CLSID:

0955AC62-BF2E-4CBA-A2B9-A63F772D46CF

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted site.

Successful exploits may allow an attacker to execute arbitrary code with the privileges of the user running the application.

Affected

  • Microsoft Windows XP Home SP2

Response

Download and install all patches from the vendor related to this vulnerability.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube