Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2014
    S M T W T F S
    « Nov    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Email Subscription

  • About Us

    There have been reports of a vulnerability in XunleiThunder PPlayer‘s ActiveX control, a component of the Chinese software Xunlei Thunder 5.7.4 40.

    TrendLabs Researcher Jonell Baltazar reveals that the talked about vulnerability on Xunlei Thunder is in the file pplayer.dll (version 1.2.3.49) included in the Thunder 5.x software package, specifically in the “FlvPlayerUrl” method where passing a specially crafted string can cause an overflow within the program and can lead to code execution.

    This vulnerability is also being actively exploited. It is included in one of the malicious Web pages as a result of the iFrames found while visiting gameige.com. The related blog entry can be found here.

    Until a patch is created by the software vendor, it is advisable to refrain from using the said software. In the meantime, a possible workaround is to set the kill bit for the CLSID F3E70CEA-956E-49CC-B444-73AFE593AD7 in order to disable the vulnerable ActiveX Control in Internet Explorer.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    Comments are closed.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice