Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:312073
HistoryNov 16, 2005 - 12:00 a.m.

First4Internet CodeSupport ActiveX controls incorrectly marked 'safe for scripting'

2005-11-1600:00:00
www.kb.cert.org
6

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.244 Low

EPSS

Percentile

96.6%

JSON

Overview

An ActiveX control used to uninstall XCP Digital Rights Management (DRM) software made by First 4 Internet and distributed on some Sony BMG audio CDs is marked “Safe for scripting”

Description

XCP Digital Rights Management (DRM) software by First 4 Internet, which is distributed by some Sony BMG audio CDs. The XCP copy protection software uses “rootkit” technology to hide certain files from the user. A problem has been reported in an ActiveX control used to uninstall this software.

It has been reported that upon submitting a request to uninstall the DRM software, the user will receive via email a link to a Sony BMG web page. This page will attempt to install an ActiveX control when it is displayed in Internet Explorer. This ActiveX control is marked “Safe for scripting,” which means that any web page may be able to utilize the control and its methods. Some of the methods provided by this control appear to present security problems, as they may allow an attacker to download and execute arbitrary code.

Impact

It has been reported the ActiveX control used to uninstall XCP DRM software may allow remote attackers to download and execute arbitrary code on vulnerable systems. The ActiveX control will only execute code that is packaged in a certain file format.

Solution

Set the kill-bit for CLSID {4EA7C4C5-C5C0-4F5C-A008-8293505F71CC} after uninstalling the XCP DRM software.

As an alternative, disable ActiveX controls in Internet Explorer after uninstalling the XCP DRM software. Removing the vulnerable control may also limit the potential risk reported for the CodeSupport control:

cmd /k del “%windir%\downloaded program files\codesupport.ocx”

Vendor Information

Javascript is disabled. Click here to view vendors.

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This report has been publicly credited to Matti Nikki, with additional information provided by J. Alex Halderman and Ed Felten.

This document was written by Jeffrey Havrilla.

Other Information

CVE IDs: CVE-2005-3650
Severity Metric: 7.76 Date Public:

Related

cvelist 2
nvd 2
cve 2
nessus 1
cvelist
cvelist
CVE-2005-3650
2005-11-17 11:00:00
CVE-2005-3693
2005-11-19 01:00:00
nvd
nvd
CVE-2005-3650
2005-11-17 11:02:00
CVE-2005-3693
2005-11-19 01:03:00
cve
cve
CVE-2005-3650
2005-11-17 11:02:00
CVE-2005-3693
2005-11-19 01:03:00
nessus
nessus
First4Internet XCP Uninstallation CodeSupport.ocx ActiveX Control Arbitrary Code Execution
2005-11-16 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.244 Low

EPSS

Percentile

96.6%

JSON
Related for VU:312073
cvelist2nvd2cve2nessus1