November 6th, 2007

Exploit posted for Viewpoint Media Player flaw

Posted by Ryan Naraine @ 8:56 am

Categories: Botnets, Browsers, Data theft, Digital rights management, Exploit code, Hackers, Metasploit, Microsoft, Passwords, Patch Watch, Pen testing, Responsible disclosure, Rootkits, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Player, Exploit, Viewpoint Corp., Media Player, Flaw, Media Players, Digital Music, Digital Media, Security, Consumer Electronics

Exploit code for an unpatched vulnerability in the widely distributed Viewpoint Media Player has been posted on the Internet, putting millions of Internet Explorer users at risk of code execution attacks.

The exploit, available at Milw0rm.com, takes advantage of a stack-based buffer overflow in the Viewpoint browser plug-in that sits on millions of computers thanks to bundling deals with AOL, AIM, Netscape and Adobe.

The player serves as the graphics engine for AOL Instant Greetings, AIM Themes and other popular web applications and is also used to power product tours for the Toyota 4Runner and Sony laptop, desktop, and server computing products.

According to “Shinnai,” the hacker who discovered the flaw, the exploit was tested on a fully-patched Windows XP Professional SP2 with Internet Explorer 7.

The bug was found in the xMetaStream.dll (version 3.3.2.26), which is marked as safe for scripting.

The AxMetaStream ActiveX control exposes various methods that accept parameters as String. All of these methods are vulnerable to a stack-based buffer overflow when an overly long string (greater than 6999 characters) is passed to them.
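To make the bug class concrete, here is an added C illustration (not Shinnai's exploit and not code from the Viewpoint DLL) of what "a String parameter overflows a stack buffer" looks like from the defender's side, with the unchecked copy beside a hardened version. The function names, the 256-byte buffer and the 7000-character sample argument are constructed for this example; the real control's buffer size and method names are not given in the post.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* Hypothetical illustration of the bug class described in the post: a
 * method that accepts a String parameter and copies it into a fixed-size
 * stack buffer. Names and sizes are constructed for this example and are
 * not taken from the Viewpoint control. */

#define PARAM_BUF_SIZE 256

/* Vulnerable pattern: unbounded copy of caller-controlled data into a
 * stack buffer. Any argument longer than PARAM_BUF_SIZE - 1 bytes writes
 * past the buffer into adjacent stack memory. Shown for comparison only;
 * it is never called with oversize input here. */
static int set_param_unsafe(const char *value)
{
    char buf[PARAM_BUF_SIZE];
    strcpy(buf, value);               /* no length check: stack overflow */
    return (int)strlen(buf);
}

/* Hardened form: measure the input with a bounded scan, refuse anything
 * that would not fit, and only then copy exactly that many bytes.
 * Returns -1 when the argument is rejected, else the accepted length. */
static int set_param_safe(const char *value)
{
    char buf[PARAM_BUF_SIZE];
    const char *end;
    size_t len;

    if (value == NULL)
        return -1;
    /* Look for the terminator within the buffer size only; a missing
     * terminator in that window means the string is too long. */
    end = memchr(value, '\0', PARAM_BUF_SIZE);
    if (end == NULL)
        return -1;                    /* too long: refuse before copying */
    len = (size_t)(end - value);
    memcpy(buf, value, len);          /* bounded copy, len < PARAM_BUF_SIZE */
    buf[len] = '\0';
    return (int)len;
}

/* Build a constructed argument of n 'A' characters (caller frees it). */
static char *make_long_arg(size_t n)
{
    char *s = malloc(n + 1);
    if (s == NULL)
        return NULL;
    memset(s, 'A', n);
    s[n] = '\0';
    return s;
}

int main(void)
{
    /* 7000 characters mirrors the "greater than 6999" threshold in the post. */
    char *big = make_long_arg(7000);
    if (big == NULL)
        return 1;
    printf("short argument accepted, length %d\n", set_param_safe("hello"));
    printf("7000-char argument result: %d (-1 = rejected)\n", set_param_safe(big));
    free(big);
    return 0;
}
```

The point of the hardened version is that the length decision happens before any byte is written to the stack buffer, so the caller-controlled length can never influence how much is copied.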

In the absence of a patch, Shinnai recommends uninstalling the Viewpoint Media Player.

“Shinnai” was the hacker behind the Month of ActiveX Bugs project.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
