There have been reports of a vulnerability in XunleiThunder PPlayer’s ActiveX control, a component of the Chinese software Xunlei Thunder 5.7.4 40.
TrendLabs researcher Jonell Baltazar reveals that the reported vulnerability in Xunlei Thunder is in the file pplayer.dll (version 126.96.36.199) included in the Thunder 5.x software package, specifically in the “FlvPlayerUrl” method: passing it a specially crafted string can cause an overflow within the program, which can lead to code execution.
This vulnerability is also being actively exploited. An exploit for it is included in one of the malicious Web pages loaded through the iFrames found while visiting gameige.com. The related blog entry can be found here.
Until the software vendor releases a patch, it is advisable to refrain from using the software. In the meantime, a possible workaround is to set the kill bit for the CLSID F3E70CEA-956E-49CC-B444-73AFE593AD7, which disables the vulnerable ActiveX control in Internet Explorer.
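
One way to apply or audit the kill-bit workaround above from an elevated PowerShell prompt. This is an added example, not code from TrendLabs or the vendor; the parameter names are illustrative, and the registry location and the 0x400 flag are the standard Internet Explorer kill-bit mechanism. The CLSID is passed as a parameter and checked against the 8-4-4-4-12 GUID form before anything is written, because a kill bit stored under a malformed key name blocks nothing; the final group of the CLSID as printed above has 11 hex digits, so confirm the full value before use.

```powershell
# Added example: set (or, with -AuditOnly, just report) the IE kill bit for one CLSID.
# Writing under HKLM requires an elevated (Administrator) session.
param(
    [Parameter(Mandatory = $true)][string]$Clsid,  # full CLSID, braces optional
    [switch]$AuditOnly                             # report state, change nothing
)

$KillBit = 0x400  # bit in "Compatibility Flags" that stops IE instantiating the control

# Refuse anything that is not a complete GUID: IE matches the key name exactly.
if ($Clsid -notmatch '^\{?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$') {
    throw "Not a well-formed CLSID (expected 8-4-4-4-12 hex digits): $Clsid"
}
$keyName = '{' + $Clsid.Trim('{', '}').ToUpper() + '}'

# Native view, plus the 32-bit view used by 32-bit IE on 64-bit Windows.
$roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

foreach ($root in $roots) {
    $path  = "$root\$keyName"
    $flags = 0

    # Read any existing flags so other compatibility bits are preserved.
    if (Test-Path $path) {
        $prop = Get-ItemProperty -Path $path -Name 'Compatibility Flags' `
                                 -ErrorAction SilentlyContinue
        if ($prop) { $flags = $prop.'Compatibility Flags' }
    }

    if (-not $AuditOnly -and -not ($flags -band $KillBit)) {
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        $flags = $flags -bor $KillBit
        Set-ItemProperty -Path $path -Name 'Compatibility Flags' `
                         -Value $flags -Type DWord
    }

    # One result object per registry view, suitable for logging or fleet reporting.
    New-Object PSObject -Property @{
        Path       = $path
        Flags      = ('0x{0:X8}' -f $flags)
        KillBitSet = [bool]($flags -band $KillBit)
    }
}
```

Run it with `-AuditOnly` first to see which registry views already carry the flag; Internet Explorer must be restarted for a newly set kill bit to take effect.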