JetAudio.DownloadFromMusicStore.ActiveX.Remote.Code.Execution
Description
This indicates an attempt to exploit a vulnerability in JetFlExt.dll, part of COWON America's jetAudio Basic.
The vulnerability is caused by an error that occurs when the vulnerable software handles a malicious "DownloadFromMusicStore" method. It allows a remote attacker to create or overwrite arbitrary local files via a specially crafted Web page containing "dot dot" (..\\) sequences in the "dst" parameter.
Affected Products
COWON America jetAudio Basic 7.0.3 and prior versions.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
The signature can be enabled to block this traffic.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |