HTTP: Sony XCP DRM Uninstaller CLSID Access

This signature detects attempts to exploit several security vulnerabilities against Sony XCP Web-Based Uninstaller ActiveX ClassID. Attackers can exploit these vulnerabilities by crafting a malicious Web site that can add, remove, run any program on your computer, or reboot your computer.

Extended Description

First 4 Internet CodeSupport is susceptible to a remote code execution vulnerability. The CodeSupport package can be told to download, and then execute arbitrary content from remote Web sites. As it fails to verify that the source of the remote content is from a trusted source, attackers may utilize it to download and execute malicious code from arbitrary sources, facilitating the remote compromise of targeted computers.

Affected Products

First4internet codesupport

References

BugTraq: 15430

CVE: CVE-2005-3650

URL: http://www.freedom-to-tinker.com/?p=927 http://hack.fi/~muzzy/sony-drm/ http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3650

Short Name

HTTP:STC:CLSID:ACTIVEX:SONY-XCP

Severity

Critical

Recommended

False

Recommended Action

Drop

HTTP: Sony XCP DRM Uninstaller CLSID Access

Extended Description

Affected Products

References

Found a potential security threat?