OSVDB ID: 20887

Title: Sony CD First4Internet XCP Uninstallation CodeSupport.ocx ActiveX Control Arbitrary Code Execution

Info

Disclosure

Nov 15, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Unknown or Incomplete

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability. The MS05-054 cumulative update sets the kill bit on the First4Internet XCP Uninstallation ActiveX control.

Products

Unknown or Incomplete

References

Bugtraq ID: 15430
Secunia Advisory ID: 17610
CVE ID: 2005-3650 (see also: NVD)
Related OSVDB ID: 20435
ISS X-Force ID: 23063
CERT VU: 312073
Vendor Specific Solution URL: http://cp.sonybmg.com/xcp/english/updates.html
Other Advisory URL: http://hack.fi/~muzzy/sony-drm/
http://www.freedom-to-tinker.com/?p=927
Generic Informational URL: http://www.eweek.com/article2/0,1895,1881203,00.asp
http://www.eweek.com/article2/0,1895,1885868,00.asp
Mail List Post: http://www.f-secure.com/weblog/archives/archive-112005.html#00000709
Microsoft Security Bulletin: MS05-054

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218