CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.6%
Added: 07/16/2010
CVE: CVE-2010-0356
BID: 40719
OSVDB: 61634
Viscom Movie Player Pro SDK ActiveX is a software development kit for Microsoft Windows environments to incorporate an advanced media player with overlay text and images.
The MOVIEPLAYER.MoviePlayerCtrl.1
ActiveX control in MoviePlayer.ocx
6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 is vulnerable to a stack buffer overflow. Other versions may also be affected. Successful remote attackers could execute arbitrary code by passing a long strFontName
parameter to the DrawText
method. Unsuccessful attacks will probably result in denial of service.
Set the kill bit for the affected ActiveX control as described in Microsoft Knowledge Base Article 240797.
<http://secunia.com/advisories/38156/>
Exploit works on Viscom Software Movie Player Pro ActiveX Control 6.8.
The user must open the exploit web page using Internet Explorer 6 or 7 from the target.
Windows