- Joined
- Mar 19, 2001
- Messages
- 37,298
Hiya
Sticking this at the top for a week, if anyone is interested
Microsoft's MSWebDVD ActiveX Control is a DVD control object that allows users to view DVD films using a browser for Microsoft Windows operating systems. MSWebDVD ActiveX Control running on Windows XP Professional SP1 and SP2 is vulnerable to a denial of service attack, caused by a buffer overflow in the AcceptParentalLevelChange function. By supplying a long password containing more than 255 characters, a remote attacker could overflow a buffer and cause the ActiveX control to crash.
Platforms Affected:
Microsoft Corporation: Windows XP Professional SP1
Microsoft Corporation: Windows XP Professional SP2
Remedy:
No remedy available as of April 2004.
Note: Microsoft recommends using the MSVidWebDVD ActiveX Control on Windows XP and later operating systems. Refer to the MSWebDVD ActiveX Control Web page for more information.
Consequences:
Denial of Service
http://xforce.iss.net/xforce/xfdb/15743
Regards
eddie
Sticking this at the top for a week, if anyone is interested
Microsoft's MSWebDVD ActiveX Control is a DVD control object that allows users to view DVD films using a browser for Microsoft Windows operating systems. MSWebDVD ActiveX Control running on Windows XP Professional SP1 and SP2 is vulnerable to a denial of service attack, caused by a buffer overflow in the AcceptParentalLevelChange function. By supplying a long password containing more than 255 characters, a remote attacker could overflow a buffer and cause the ActiveX control to crash.
Platforms Affected:
Microsoft Corporation: Windows XP Professional SP1
Microsoft Corporation: Windows XP Professional SP2
Remedy:
No remedy available as of April 2004.
Note: Microsoft recommends using the MSVidWebDVD ActiveX Control on Windows XP and later operating systems. Refer to the MSWebDVD ActiveX Control Web page for more information.
Consequences:
Denial of Service
http://xforce.iss.net/xforce/xfdb/15743
Regards
eddie
