Intrusion Prevention



This indicates an attempt to exploit a vulnerability in Xunlei Thunder that can be exploited by attackers to execute arbitrary code.
The vulnerability is caused by a boundary check error in "xplayer.dll_1_work". An attacker can cause a heap based buffer overflow by assigning an overly long (greater than 1060 bytes) string to the "FlvPlayerUrl" property of the "PPlayer.XPPlayer.1" ActiveX control (pplayer.dll_1_work).

Affected Products

The vulnerability is confirmed in version
Other versions may also be affected.


System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Check the vendor's web site for a patch or update.
Set the kill bit for the affected ActiveX control.

CVE References