Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    There have been reports of a vulnerability in XunleiThunder PPlayer‘s ActiveX control, a component of the Chinese software Xunlei Thunder 5.7.4 40.

    TrendLabs Researcher Jonell Baltazar reveals that the talked about vulnerability on Xunlei Thunder is in the file pplayer.dll (version included in the Thunder 5.x software package, specifically in the “FlvPlayerUrl” method where passing a specially crafted string can cause an overflow within the program and can lead to code execution.

    This vulnerability is also being actively exploited. It is included in one of the malicious Web pages as a result of the iFrames found while visiting The related blog entry can be found here.

    Until a patch is created by the software vendor, it is advisable to refrain from using the said software. In the meantime, a possible workaround is to set the kill bit for the CLSID F3E70CEA-956E-49CC-B444-73AFE593AD7 in order to disable the vulnerable ActiveX Control in Internet Explorer.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    Comments are closed.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice