Sony First4Internet XCP CodeSupport.ocx ActiveX code execution
first4internet-xcp-codesupport-activex (23063)
Description:
Sony First4Internet Extended Copy Protection (XCP) CodeSupport ActiveX control could allow a remote attacker to execute arbitrary code on systems that have executed the First4Internet XCP uninstallation application. When XCP DRM software is removed by visiting the vendor's Web site, the CodeSupport.ocx ActiveX control is installed and marked safe-for-scripting on the user's system. By creating a malicious Web site, a remote attacker could execute arbitrary commands on systems that have the vulnerable ActiveX control installed, if the attacker could convince affected users to visit the Web site.
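Added example, not part of the original advisory or of any vendor tooling: a PowerShell audit that looks for a registered COM class whose in-process server is CodeSupport.ocx, then reports whether it carries the safe-for-scripting category and whether an Internet Explorer kill bit is set for it. The advisory gives no CLSID, so classes are matched by file name; the registry locations and category GUIDs are the standard Windows ones, and only machine-wide (HKLM) registrations are checked.

```powershell
# Added audit example. The file name comes from the advisory; the CLSID is not
# given there, so classes are matched on the InprocServer32 path instead.
$target   = 'CodeSupport.ocx'
$safeScr  = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'  # CATID_SafeForScripting
$safeInit = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'  # CATID_SafeForInitializing
$killBit  = 0x400                                      # kill bit in "Compatibility Flags"

# 32-bit controls on 64-bit Windows register under Wow6432Node.
$views = @(
    @{ Clsid  = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Clsid  = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
       Compat = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

$findings = foreach ($v in $views) {
    if (-not (Test-Path -LiteralPath $v.Clsid)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $v.Clsid -ErrorAction SilentlyContinue) {
        $srvKey = Join-Path $key.PSPath 'InprocServer32'
        if (-not (Test-Path -LiteralPath $srvKey)) { continue }
        $server = (Get-Item -LiteralPath $srvKey).GetValue('')   # default value = OCX/DLL path
        if ($server -notlike "*$target*") { continue }

        # Read the per-CLSID compatibility flags, if the key exists.
        $flags = 0
        $ck = Join-Path $v.Compat $key.PSChildName
        if (Test-Path -LiteralPath $ck) {
            $flags = [int](Get-Item -LiteralPath $ck).GetValue('Compatibility Flags', 0)
        }

        $cats = Join-Path $key.PSPath 'Implemented Categories'
        [pscustomobject]@{
            CLSID         = $key.PSChildName
            Server        = $server
            FileOnDisk    = Test-Path -LiteralPath $server.Trim('"')
            SafeForScript = Test-Path -LiteralPath (Join-Path $cats $safeScr)
            SafeForInit   = Test-Path -LiteralPath (Join-Path $cats $safeInit)
            KillBitSet    = ($flags -band $killBit) -ne 0
        }
    }
}

if ($findings) { $findings | Format-List }
else { "No registered COM class points at $target under HKLM." }
```

A control can also declare itself safe at run time through the IObjectSafety interface, so a False in SafeForScript does not by itself clear a host on which the file is registered.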
Consequences:
Gain Access
Remedy:
No remedy available as of November 2008.
References:
- Sony BMG Music Entertainment Web site: SOFTWARE UPDATES/ PLUG-INS.
- BID-15430: First 4 Internet CodeSupport Uninstallation ActiveX Software Remote Code Execution Vulnerability
- CVE-2005-3474: The aries.sys driver in Sony First4Internet XCP DRM software hides any file, registry key, or process with a name that starts with $sys$, which allows attackers to hide activities on a system that uses XCP.
- CVE-2005-3650: The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the First4Internet XCP DRM, has safe for scripting enabled, which allows remote attackers to execute arbitrary code by calling vulnerable functions such as RebootMachine, IsAdministrator, and ExecuteCode.
- OSVDB ID: 20435: Sony CD First4Internet XCP DRM aries.sys Local File/Process Manipulation
- SA17408: Sony CD First4Internet XCP DRM Software Security Issue
- SA17610: Sony CD First4Internet XCP Uninstallation ActiveX Control Vulnerability
- SECTRACK ID: 1015145: Sony Music CD Hides Files, Directories, Registry Entries, and Process Names Unrelated to the CD Software
- US-CERT VU#312073: First4Internet CodeSupport ActiveX control incorrectly marked safe for scripting
- VUPEN/ADV-2005-2454: Sony CD First4Internet XCP Uninstallation ActiveX Vulnerabilities
Platforms Affected:
- First 4 Internet XCP Content Management
Reported:
Nov 16, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
