Thunder.XPPlayer.FlvPlayerUrl.Handle.Buffer.Overflow
Description
This indicates an attempt to exploit a vulnerability in Xunlei Thunder that can be exploited by attackers to execute arbitrary code.
The vulnerability is caused by a boundary check error in "xplayer.dll_1_work". An attacker can cause a heap based buffer overflow by assigning an overly long (greater than 1060 bytes) string to the "FlvPlayerUrl" property of the "PPlayer.XPPlayer.1" ActiveX control (pplayer.dll_1_work).
Affected Products
The vulnerability is confirmed in version 5.7.4.401.
Other versions may also be affected.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Check the vendor's web site for a patch or update.
Set the kill bit for the affected ActiveX control.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |