MSWebDVD ActiveX Control long password buffer overflow

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

eddie5659

Thread Starter
Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Hiya

Sticking this at the top for a week, if anyone is interested :)

Microsoft's MSWebDVD ActiveX Control is a DVD control object that allows users to view DVD films using a browser for Microsoft Windows operating systems. MSWebDVD ActiveX Control running on Windows XP Professional SP1 and SP2 is vulnerable to a denial of service attack, caused by a buffer overflow in the AcceptParentalLevelChange function. By supplying a long password containing more than 255 characters, a remote attacker could overflow a buffer and cause the ActiveX control to crash.

Platforms Affected:

Microsoft Corporation: Windows XP Professional SP1
Microsoft Corporation: Windows XP Professional SP2
Remedy:

No remedy available as of April 2004.

Note: Microsoft recommends using the MSVidWebDVD ActiveX Control on Windows XP and later operating systems. Refer to the MSWebDVD ActiveX Control Web page for more information.

Consequences:

Denial of Service

http://xforce.iss.net/xforce/xfdb/15743

Regards

eddie
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top