Search...

UUSee UUPlayer ActiveX控件多个远程代码执行漏洞

2011-08-06T00:00:00

ID SSV:20816
Type seebug
Reporter Root
Modified 2011-08-06T00:00:00

Description

Bugtraq ID: 48975 CVE ID：CVE-2011-2589 CVE-2011-2590

UUSee是一款集P2P直播点播于一身的网络电视软件。 UUSee存在两个安全漏洞，允许攻击者以应用程序上下文执行任意代码。 -当处理"SendLogAction()"方法时UUPlayer ActiveX控件存在边界错误，通过提交超长参数可触发基于堆的缓冲区溢出。 -当处理"Play()"方法时UUPlayer ActiveX控件存在输入验证错误，向"MPlayerPath"参数传递UNC路径可以应用程序上下文执行任意程序。

UUSee UUPlayer 6.0.0.1 厂商解决方案目前没有详细解决方案提供： http://mydown.yesky.com/soft/multimedia/videoplayer/335/407335.shtml

JSON Vulners Source

Initial Source

{"href": "https://www.seebug.org/vuldb/ssvid-20816", "status": "details", "bulletinFamily": "exploit", "modified": "2011-08-06T00:00:00", "title": "UUSee UUPlayer ActiveX\u63a7\u4ef6\u591a\u4e2a\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 9.3}, "sourceHref": "", "cvelist": ["CVE-2011-2589", "CVE-2011-2590"], "description": "Bugtraq ID: 48975\r\nCVE ID\uff1aCVE-2011-2589\r\nCVE-2011-2590\r\n\r\nUUSee\u662f\u4e00\u6b3e\u96c6P2P\u76f4\u64ad\u70b9\u64ad\u4e8e\u4e00\u8eab\u7684\u7f51\u7edc\u7535\u89c6\u8f6f\u4ef6\u3002\r\nUUSee\u5b58\u5728\u4e24\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u4ee5\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n-\u5f53\u5904\u7406"SendLogAction()"\u65b9\u6cd5\u65f6UUPlayer ActiveX\u63a7\u4ef6\u5b58\u5728\u8fb9\u754c\u9519\u8bef\uff0c\u901a\u8fc7\u63d0\u4ea4\u8d85\u957f\u53c2\u6570\u53ef\u89e6\u53d1\u57fa\u4e8e\u5806\u7684\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\r\n-\u5f53\u5904\u7406"Play()"\u65b9\u6cd5\u65f6UUPlayer ActiveX\u63a7\u4ef6\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\uff0c\u5411"MPlayerPath"\u53c2\u6570\u4f20\u9012UNC\u8def\u5f84\u53ef\u4ee5\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u6267\u884c\u4efb\u610f\u7a0b\u5e8f\u3002\n\nUUSee UUPlayer 6.0.0.1\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://mydown.yesky.com/soft/multimedia/videoplayer/335/407335.shtml", "viewCount": 2, "published": "2011-08-06T00:00:00", "sourceData": "", "id": "SSV:20816", "enchantments_done": [], "type": "seebug", "lastseen": "2017-11-19T18:00:51", "reporter": "Root", "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2017-11-19T18:00:51", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-2590", "CVE-2011-2589"]}, {"type": "openvas", "idList": ["OPENVAS:902563", "OPENVAS:1361412562310902563"]}], "modified": "2017-11-19T18:00:51", "rev": 2}, "vulnersScore": 6.4}, "references": []}

{"cve": [{"lastseen": "2021-02-02T05:51:03", "description": "Heap-based buffer overflow in the SendLogAction method in the UUPlayer ActiveX control 6.0.0.1 in UUSee 2010 6.11.0609.2 might allow remote attackers to execute arbitrary code via a long argument.", "edition": 4, "cvss3": {}, "published": "2011-08-09T22:55:00", "title": "CVE-2011-2589", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2589"], "modified": "2017-08-29T01:29:00", "cpe": ["cpe:/a:uusee:uusee:2010_6.11.0609.2", "cpe:/a:uusee:uuplayer_activex_control:6.0.0.1"], "id": "CVE-2011-2589", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2589", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:uusee:uusee:2010_6.11.0609.2:*:*:*:*:*:*:*", "cpe:2.3:a:uusee:uuplayer_activex_control:6.0.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:51:03", "description": "The Play method in the UUPlayer ActiveX control 6.0.0.1 in UUSee 2010 6.11.0609.2 allows remote attackers to execute arbitrary programs via a UNC share pathname in the MPlayerPath parameter.", "edition": 4, "cvss3": {}, "published": "2011-08-09T22:55:00", "title": "CVE-2011-2590", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2590"], "modified": "2017-08-29T01:29:00", "cpe": ["cpe:/a:uusee:uusee:2010_6.11.0609.2", "cpe:/a:uusee:uuplayer_activex_control:6.0.0.1"], "id": "CVE-2011-2590", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2590", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:uusee:uusee:2010_6.11.0609.2:*:*:*:*:*:*:*", "cpe:2.3:a:uusee:uuplayer_activex_control:6.0.0.1:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-02T21:13:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2590", "CVE-2011-2589"], "description": "This host is installed with UUSee UUPlayer and is prone to multiple\nremote code execution vulnerabilities.", "modified": "2017-02-20T00:00:00", "published": "2011-08-31T00:00:00", "id": "OPENVAS:902563", "href": "http://plugins.openvas.org/nasl.php?oid=902563", "type": "openvas", "title": "UUSee UUPlayer ActiveX Control Multiple Remote Code Execution Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_uusee_uuplayer_activex_mult_code_exec_vuln.nasl 5367 2017-02-20 14:16:52Z cfi $\n#\n# UUSee UUPlayer ActiveX Control Multiple Remote Code Execution Vulnerabilities\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows remote attackers to execute arbitrary\ncode in the context of the application using the ActiveX control. Failed exploit\nattempts will likely result in denial-of-service conditions.\n\nImpact Level: System/Application\";\n\ntag_affected = \"UUSee UUPlayer 2010 6.11.0609.2\";\n\ntag_insight = \"\n- A boundary error in the UUPlayer ActiveX control when handling\n the 'SendLogAction()' method can be exploited to cause a heap-based buffer\n overflow via an overly long argument.\n- An input validation error in the UUPlayer ActiveX control when handling\n the 'Play()' method can be exploited to execute an arbitrary program via\n a UNC path passed in the 'MPlayerPath' parameter.\";\n\ntag_solution = \"No solution or patch was made available for at least one year\nsince disclosure of this vulnerability. Likely none will be provided anymore.\nGeneral solution options are to upgrade to a newer release, disable respective\nfeatures, remove the product or replace the product by another one.\";\n\ntag_summary = \"This host is installed with UUSee UUPlayer and is prone to multiple\nremote code execution vulnerabilities.\";\n\nif(description)\n{\n script_id(902563);\n script_version(\"$Revision: 5367 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 15:16:52 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-31 10:37:30 +0200 (Wed, 31 Aug 2011)\");\n script_cve_id(\"CVE-2011-2589\", \"CVE-2011-2590\");\n script_bugtraq_id(48975);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"UUSee UUPlayer ActiveX Control Multiple Remote Code Execution Vulnerabilities\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/44885\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/68974\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/68975\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n## Confirm Windows\nif(!get_kb_item(\"SMB/WindowsVersion\")){\n exit(0);\n}\n\n## Confirm Application\nkey = \"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\UUSEE\";\nif(!registry_key_exists(key:key)) {\n exit(0);\n}\n\n## Get Version\nversion = registry_get_sz(key:key, item:\"DisplayVersion\");\nif(version)\n{\n ## Check for UUSee UUPlayer 6.11.0609.2\n if(version_is_equal(version:version, test_version:\"6.11.0609.2\")) {\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2590", "CVE-2011-2589"], "description": "This host is installed with UUSee UUPlayer and is prone to multiple\nremote code execution vulnerabilities.", "modified": "2018-10-20T00:00:00", "published": "2011-08-31T00:00:00", "id": "OPENVAS:1361412562310902563", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902563", "type": "openvas", "title": "UUSee UUPlayer ActiveX Control Multiple Remote Code Execution Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_uusee_uuplayer_activex_mult_code_exec_vuln.nasl 11997 2018-10-20 11:59:41Z mmartin $\n#\n# UUSee UUPlayer ActiveX Control Multiple Remote Code Execution Vulnerabilities\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902563\");\n script_version(\"$Revision: 11997 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-20 13:59:41 +0200 (Sat, 20 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-31 10:37:30 +0200 (Wed, 31 Aug 2011)\");\n script_cve_id(\"CVE-2011-2589\", \"CVE-2011-2590\");\n script_bugtraq_id(48975);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"UUSee UUPlayer ActiveX Control Multiple Remote Code Execution Vulnerabilities\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/44885\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/68974\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/68975\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote attackers to execute arbitrary\ncode in the context of the application using the ActiveX control. Failed exploit\nattempts will likely result in denial-of-service conditions.\");\n script_tag(name:\"affected\", value:\"UUSee UUPlayer 2010 6.11.0609.2\");\n script_tag(name:\"insight\", value:\"- A boundary error in the UUPlayer ActiveX control when handling\n the 'SendLogAction()' method can be exploited to cause a heap-based buffer\n overflow via an overly long argument.\n\n - An input validation error in the UUPlayer ActiveX control when handling\n the 'Play()' method can be exploited to execute an arbitrary program via\n a UNC path passed in the 'MPlayerPath' parameter.\");\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure\n of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer\n release, disable respective features, remove the product or replace the product by another one.\");\n script_tag(name:\"summary\", value:\"This host is installed with UUSee UUPlayer and is prone to multiple\nremote code execution vulnerabilities.\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(!get_kb_item(\"SMB/WindowsVersion\")){\n exit(0);\n}\n\nkey = \"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\UUSEE\";\nif(!registry_key_exists(key:key)) {\n exit(0);\n}\n\nversion = registry_get_sz(key:key, item:\"DisplayVersion\");\nif(version)\n{\n if(version_is_equal(version:version, test_version:\"6.11.0609.2\")) {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}