In association with heise online

04 September 2006, 16:20

ActiveX control for games allows smuggling in of programs

The Computer Emergency Readiness Team of the USA (US-CERT) has reported a security hole in the CR64Loader ActiveX module that is installed by online gaming sites such as retro64.com and miniclip.com. A buffer overrun in that ActiveX control can allow attackers to use specially manipulated websites to plant arbitrary program code onto affected computers. The code can then be executed with the user's privileges.

The sites have in the interim stopped using the ActiveX module; nevertheless, anyone who has played even one game on the sites may still have the module on their computer. To close the security hole, US-CERT recommends setting the kill bit for the CR64Loader, which prevents Internet Explorer from calling it.

To do so, one must search in the registry editor for the module's Class ID "{288C5F13-7E52-4ADA-A32E-F5BF9D125F99}" (without quotation marks). Under that registry key, the DWORD "Compatibility Flags" must be created and assigned the value "0x00000400". Users should be extremely cautious when working with the registry editor, however, since unintended changes can so thoroughly damage the system that Windows cannot load again. A previous backup of important data is recommended.
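
The kill-bit step described above, scripted as an added example (not part of the original article or the US-CERT advisory). The Class ID and flag value are the ones the article gives; the "ActiveX Compatibility" registry location, its WOW6432Node copy and the helper name `Set-KillBit` are assumptions of this example, since the article does not name the key.

```powershell
# Added example: set the Internet Explorer kill bit for CR64Loader.
# Run from an elevated prompt. CLSID and flag value are those given in the article.
$Clsid     = '{288C5F13-7E52-4ADA-A32E-F5BF9D125F99}'
$KillBit   = 0x00000400
$ValueName = 'Compatibility Flags'

# Assumption (not stated in the article): kill bits live under the
# "ActiveX Compatibility" key; 32-bit IE on 64-bit Windows reads the WOW6432Node copy.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

# Set-KillBit is a hypothetical helper name used only in this example.
function Set-KillBit {
    param([string]$Root, [string]$Clsid, [int]$Flag, [string]$ValueName)

    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # Keep any compatibility flags already set and OR in the kill bit.
    $current = 0
    $prop = Get-ItemProperty -LiteralPath $key -Name $ValueName -ErrorAction SilentlyContinue
    if ($prop) { $current = [int]$prop.$ValueName }
    $new = $current -bor $Flag

    New-ItemProperty -LiteralPath $key -Name $ValueName -PropertyType DWord -Value $new -Force | Out-Null

    # Read the value back and report whether the kill bit is really present.
    $check = [int](Get-ItemProperty -LiteralPath $key -Name $ValueName).$ValueName
    [pscustomobject]@{
        Key        = $key
        Flags      = '0x{0:X8}' -f $check
        KillBitSet = (($check -band $Flag) -eq $Flag)
    }
}

foreach ($root in $Roots) {
    # Skip registry views that do not exist (for example WOW6432Node on 32-bit Windows).
    if (Test-Path -LiteralPath $root) {
        Set-KillBit -Root $root -Clsid $Clsid -Flag $KillBit -ValueName $ValueName
    }
}
```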

(ehe)

Permalink: http://h-online.com/-731438