Move Media Player Quantum Streaming IE Player ActiveX control buffer overflow
| movemedia-quantum-streaming-bo (36433) |  High Risk |
Description:
The Move Media Player Quantum Streaming IE Player ActiveX control (qsp2ie07051001.dl) is vulnerable to a stack-based buffer overflow. By persuading a victim to visit a specially-crafted Web page that passes an overly long string to the Play() or Buzzer() methods, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the user or cause the victim's browser to crash.
Platforms Affected:
- Move Networks, Quantum Streaming IE Player ActiveX 1.0.0.1
Remedy:
No remedy available as of September 13, 2008.
Consequences:
Gain Access
References:
- Move Networks Web site, Quantum Streaming IE Player ActiveX control at http://www.movenetworks.com/.
- BID-25529: Move Media Player Quantum Streaming ActiveX Control Multiple Buffer Overflow Vulnerabilities
- CVE-2007-4722: Multiple stack-based buffer overflows in the Quantum Streaming Internet Explorer Player ActiveX control in qsp2ie07051001.dll 1.0.0.1 in Move Media Player allow remote attackers to execute arbitrary code via a long string to the (1) Play and (2) Buzzer methods.
- SA26600: Move Media Player Quantum Streaming IE Player ActiveX Control Buffer Overflows
- US-CERT VU#298345: Move Networks Quantum Streaming Player ActiveX stack buffer overflows
Reported:
Sep 04, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net