
Web Attack: Viscom Movie Player ActiveX BO CVE-2010-0356

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to cause a buffer overflow in the Movie Player Pro SDK ActiveX control.

Additional Information

Movie Player Pro SDK ActiveX is an ActiveX control that provides media playback functionality.

Movie Player Pro SDK ActiveX control is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this vulnerability by passing an overly long string through the 'strFontName' parameter to the 'DrawText' ActiveX method of the 'MoviePlayer.ocx' ActiveX control identified by CLSID:

F4A32EAF-F30D-466D-BEC8-F4ED86CAF84E

Successful exploits may allow an attacker to execute arbitrary code in the context of a user running the affected application. Failed attempts will likely result in denial-of-service conditions.

Movie Player Pro SDK ActiveX 6.8 is vulnerable; other versions may be affected.
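
The following is an added example, not Symantec's signature logic: a static check over page source that reports whether the control with the CLSID above is loaded, whether 'DrawText' is called on it, and whether the call carries an unusually long string literal. The 256-character threshold, the sample pages and the argument list shown in them are assumptions; the advisory does not give the method's full parameter list.

```python
import re

# CLSID and method name are taken from the advisory text.
CLSID = "F4A32EAF-F30D-466D-BEC8-F4ED86CAF84E"
METHOD = "DrawText"
MAX_LITERAL = 256  # assumption: longer string literals are treated as suspicious

OBJECT_RE = re.compile(
    r"<object\b[^>]*\bclassid\s*=\s*[\"']?clsid:\{?" + re.escape(CLSID) + r"\}?[^>]*>",
    re.I)
ID_RE = re.compile(r"\bid\s*=\s*[\"']?([\w$-]+)", re.I)
LITERAL_RE = re.compile(r"\"([^\"]*)\"|'([^']*)'")

def scan_page(html: str) -> dict:
    """Report use of the MoviePlayer.ocx control and its DrawText method."""
    result = {"control_loaded": False, "drawtext_called": False,
              "long_literal": False}
    ids = []
    for tag in OBJECT_RE.finditer(html):
        result["control_loaded"] = True
        m = ID_RE.search(tag.group(0))
        if m:
            ids.append(m.group(1))
    for obj_id in ids:
        # Match <id>.DrawText(...) and capture the argument text up to
        # the first closing parenthesis.
        call_re = re.compile(
            r"\b" + re.escape(obj_id) + r"\s*\.\s*" + METHOD + r"\s*\(([^)]*)\)",
            re.I)
        for call in call_re.finditer(html):
            result["drawtext_called"] = True
            for dq, sq in LITERAL_RE.findall(call.group(1)):
                if max(len(dq), len(sq)) > MAX_LITERAL:
                    result["long_literal"] = True
    return result

# Constructed sample pages (not captured traffic).
_OBJ = '<object id="player" classid="clsid:%s"></object>' % CLSID
BENIGN = _OBJ + '<script>player.DrawText("Arial");</script>'
SUSPICIOUS = _OBJ + '<script>player.DrawText("%s");</script>' % ("A" * 1000)

if __name__ == "__main__":
    for name, page in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, scan_page(page))
```

A string assembled at run time does not appear as a literal, so `control_loaded` on an untrusted page is the more reliable signal of the three.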

Affected

  • Viscom Softwares Movie Player Pro SDK ActiveX.

Response

Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.