EUVD-2007-5045

Malware in sbrugna...

Xunlei Web Thunder 5.6.9.344 ActiveX Control DownURL2 Method Remote Buffer Overflow Vulnerability

No description provided by source. var she132132132132llc13ode = unescape “%u9090 " + " %u9090 " + “%uefe9%u0000%u5a00%ua164%u0030%u0000%u408b%u8b0c” + “%u1c70%u8bad%u0840%ud88b%u738b%u8b3c%u1e74%u0378” + “%u8bf3%u207e%ufb03%u4e8b%u3314%u56ed%u5157%u3f8b” +...

Buffer overflow

Buffer overflow in a certain ActiveX control in Xunlei Web Thunder 5.6.9.344, possibly the DapPlayer ActiveX control in DapPlayerNow.dll, allows remote attackers to execute arbitrary code via a long first argument to the DownURL2 method. NOTE: some of these details are obtained from third party...

CVE-2007-5064

Buffer overflow in a certain ActiveX control in Xunlei Web Thunder 5.6.9.344, possibly the DapPlayer ActiveX control in DapPlayerNow.dll, allows remote attackers to execute arbitrary code via a long first argument to the DownURL2 method. NOTE: some of these details are obtained from third party...

CVE-2007-5064

Affects Xunlei Web Thunder 5.6.9.344 via a buffer overflow in an ActiveX control (likely DapPlayer_Now.dll’s DapPlayer ActiveX) exposed through DownURL2. This allows remote code execution by sending a long first argument to DownURL2. Descriptions come from CVE-2007-5064 and corroborating sources;...

CVE-2007-5064

Buffer overflow in a certain ActiveX control in Xunlei Web Thunder 5.6.9.344, possibly the DapPlayer ActiveX control in DapPlayerNow.dll, allows remote attackers to execute arbitrary code via a long first argument to the DownURL2 method. NOTE: some of these details are obtained from third party...

Xunlei Web Thunder ActiveX控件DownURL2方法远程缓冲区溢出漏洞

Xunlei Web Thunder是一款在线加速下载程序。 Xunlei Web Thunder提供的ActiveX控件存在缓冲区溢出，远程攻击者可以利用漏洞以应用程序权限执行任意指令。 问题存在于DownURL2方法处理中，由于对参数缺少充分过滤，构建恶意WEB页，诱使用户访问，可导致以应用程序权限执行任意指令。 Xunlei Web Thunder 5.6.9.344 目前没有解决方案提供： http://my.xunlei.com/setup.htm OBJECT id=target classid=clsid:...

Xunlei Web Thunder 5.6.9.344 - ActiveX Control DownURL2 Method Remote Buffer Overflow

Xunlei Web Thunder 5.6.9.344 - ActiveX Control DownURL2 Method Remote Buffer Overflow source: https://www.securityfocus.com/bid/25751/info Xunlei Web Thunder is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data...

Xunlei Web Thunder 5.6.9.344 - ActiveX Control DownURL2 Method Remote Buffer Overflow

source: https://www.securityfocus.com/bid/25751/info Xunlei Web Thunder is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data. An attacker may exploit this issue by enticing victims into visiting a maliciously...

Xunlei Web Thunder ThunderServer.webThunder.1 ActiveX AddCategory文件下载漏洞

Xunlei Web Thunder是一款基于多资源超线程技术的下载工具。 Xunlei Web Thunder ThunderServer.webThunder.1 ActiveX控件存在输入验证错误，远程攻击者可以利用漏洞下载任意文件到目标用户系统，可导致任意命令执行。 攻击者必须构建恶意WEB页，诱使用户访问来触发。目前没有详细漏洞细节提供。 Xunlei Web Thunder ThunderServer.webThunder.1 1.8.4.130 目前没有详细解决方案提供： http://my.xunlei.com/setup.htm...

Xunlei Web Thunder ThunderServer.webThunder.1 ActiveX任意文件上传漏洞

Xunlei Web Thunder是一款在线加速下载程序。 Xunlei Web Thunder提供的ActiveX控件存在缓冲区溢出问题，远程攻击者可以利用漏洞下载任意程序在用户系统上以当前用户上下文权限运行。 问题存在于ThunderServer.webThunder.1,可以采用JS代码ActiveXObject"ThunderServer.webThunder.1";来激活讯雷的组件。 其中的关键函数包括: SetBrowserWindowData:新建浏览器窗口. SetConfig:设置WEB讯雷. HideBrowserWindow:隐藏浏览器...

Web Thunder(xunlei)0day vulnerability-exposure-vulnerability warning-the black bar safety net

First, the event analysis: DSW Lab AVERT panel monitor to a high risk of hearing ray vulnerability is the exposure, the vulnerability occurs in the Web thunder of one of the controls, when you install Web thunder of the user in browsing hacker carefully constructed to contain malicious code of a...